ACL Restriction from incident task table to incident based on current assignment group user

vasantha Teja
Tera Contributor

Hi All, Hope you're working well!

I want an ACL script and guidelines as well. If a user is part of the assignment group of an incident task, they should be able to access the incident ticket (parent) as well.

Here there is no specific assignment group and there are no specific roles for the group members. Mainly, users don't have the "ITIL" role.

Name: incident_task none

Operation: Read

Type: Record

Script:

if (gs.getUser().isMemberOf(current.assignment_group)) {
    answer = true;
} else {
    answer = false;
}

With the above script, I get only the incident task records of the assignment group the user is part of. The incident record was not accessible. I got an error message like "Record not Found". Please help me ASAP.

Thanks In Advance!

Teja.vasantha

6 REPLIES

Robbie
Kilo Patron

Hi @vasantha Teja,

ACLs are table-specific, so whilst you experience the behavior desired on the Incident Task record (as per your script), you will need to implement a separate ACL on the Incident table (or update an existing ACL).

 

Points for consideration on the ACL script:

An Incident can have more than one Incident Task. You'll have to check all of the related incident tasks and their associated groups as they could be assigned to different groups.

 

You'll want something along the lines of this in the ACL on the Incident table:

 

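var incSysID = current.sys_id;
// Compare sys_id strings rather than GlideElement objects
var incGroup = current.getValue('assignment_group');
// Deny unless a matching task is found (also covers incidents with no tasks)
answer = false;
var incTasks = new GlideRecord('incident_task');
incTasks.addQuery('incident.sys_id', incSysID);
incTasks.query();
// Walk every task on this incident, not just the first one
while (incTasks.next()) {
    if (incTasks.getValue('assignment_group') == incGroup) {
        answer = true;
        //Found match, no need to check any further
        break;
    }
}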

 

To help others (or for me to help you more directly), please mark this response correct by clicking on Accept as Solution and/or Helpful.

 

Thanks, Robbie

Hi @Robbie sir, it's not working. Could you please give me another reference script?

Hi @vasantha Teja,

 

I did actually check this on my PDI (Personal Dev Instance) so I know it's working with a baseline configuration.

Please note that you could have other ACLs in place on the incident table as well which could be affecting the behavior.

Let's start with the ACL you've tried, can you share a screenshot please, and confirm you've placed it on the Incident table?

 

To help others (or for me to help you more directly), please mark this response correct by clicking on Accept as Solution and/or Helpful.

 

Thanks, Robbie

 

Script to copy:

 

// Deny unless a matching task is found (also covers incidents with no tasks)
var answer = false;
var incSysID = current.sys_id;
// Compare sys_id strings rather than GlideElement objects
var incGroup = current.getValue('assignment_group');
var incTasks = new GlideRecord('incident_task');
incTasks.addQuery('incident.sys_id', incSysID);
incTasks.query();
// Walk every task on this incident, not just the first one
while (incTasks.next()) {
    if (incTasks.getValue('assignment_group') == incGroup) {
        answer = true;
        //Found match, no need to check any further
        break;
    }
}

SunilKumar_P
Giga Sage

Hi @vasantha Teja, as per my knowledge, the ACLs on a parent table will be applied to the child table unless there are specific ACLs for the same action on the child table. Hence, your ACL on incident_task will be applied only to that table, which is working the same way now. If you want to control access to the incident records, you may need to create another ACL on Incident.

 

Regards,

Sunil
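
The read ACL on the Incident table that the replies above call for, as an added example that is not code from the thread or from ServiceNow: it grants read when the logged-in user belongs to the assignment group of any incident task under the incident, and denies otherwise. The names canReadViaTask and sampleCheck, the FakeGlideRecord stand-in and the sample rows are constructed for illustration.

```javascript
// Added example (not code from the thread): read ACL logic for the [incident] table.
// canReadViaTask is a hypothetical helper name; the platform objects are passed in
// so the same function can be exercised outside an instance.
function canReadViaTask(current, user, GlideRecordClass) {
    var tasks = new GlideRecordClass('incident_task');
    tasks.addQuery('incident', current.getUniqueValue()); // children of this incident only
    tasks.addNotNullQuery('assignment_group');            // skip unassigned tasks
    tasks.query();
    var seen = {};
    while (tasks.next()) {
        var groupId = tasks.getValue('assignment_group');
        if (seen[groupId]) { continue; }                  // group already checked
        seen[groupId] = true;
        if (user.isMemberOf(groupId)) { return true; }    // one matching task is enough
    }
    return false;                                         // default deny
}

// In the ACL script field, current, gs, GlideRecord and answer come from the platform.
if (typeof current !== 'undefined' && typeof gs !== 'undefined') {
    answer = canReadViaTask(current, gs.getUser(), GlideRecord);
}

// Constructed stand-ins and sample rows, only for running the logic offline.
var SAMPLE_TASKS = [
    { incident: 'inc1', assignment_group: 'grpNetwork' },
    { incident: 'inc1', assignment_group: 'grpDatabase' },
    { incident: 'inc2', assignment_group: '' }
];
function FakeGlideRecord() { this.rows = SAMPLE_TASKS.slice(); this.pos = -1; }
FakeGlideRecord.prototype.addQuery = function (field, value) {
    this.rows = this.rows.filter(function (r) { return r[field] === value; });
};
FakeGlideRecord.prototype.addNotNullQuery = function (field) {
    this.rows = this.rows.filter(function (r) { return r[field] !== ''; });
};
FakeGlideRecord.prototype.query = function () {};
FakeGlideRecord.prototype.next = function () { return ++this.pos < this.rows.length; };
FakeGlideRecord.prototype.getValue = function (field) { return this.rows[this.pos][field]; };

function sampleCheck(incidentId, userGroups) {
    var current = { getUniqueValue: function () { return incidentId; } };
    var user = { isMemberOf: function (g) { return userGroups.indexOf(g) !== -1; } };
    return canReadViaTask(current, user, FakeGlideRecord);
}
```

An ACL script is evaluated for each record it protects, so this extra incident_task query also runs for every row of an incident list.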