Acl Restriction from incident task table to incident based on current assignment group user
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-08-2024 09:18 AM
Hi All, Hope you're working well!
I want ACL script and Guidelines also If a user is part of the assignment group of an incident task, they should be able to access the incident ticket (parent) as well.
Here No specific Assignment Group and No Specific Roles For the Group members. Mainly Users haven't an "ITIL" Role.
Name :incident_task none
operation:Read
Type: Record
script:-
if (gs.getUser().isMemberOf(current.assignment_group)) {
answer = true;
} else {
answer = false;
}
For the above script I get user's incident task Records of an part of an assigenment group only. Incident Record was not access. I got Error message Like "Record not Found". Please Help Me ASAP.
Thanks In Advance!
Teja.vasantha
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-09-2024 05:50 AM - edited 02-09-2024 05:50 AM
Hi @ vasantha Teja,
ACL's are table-specific, so whilst you experience the behavior desired on the Incident Task record (as per your script), you will need to implement a separate ACL on the Incident table (or update an existing ACL).
Points for consideration on the ACL script:
An Incident can have more than one Incident Task. You'll have to check all of the related incident tasks and their associated groups as they could be assigned to different groups.
You'll want something along the lines of this in the ACL on the Incident table:
var incSysID = current.sys_id;
var incGroup = current.assignment_group;
var incTasks = new GlideRecord('incident_task');
incTasks.addQuery('incident.sys_id', incSysID);
incTasks.query();
while(incTasks.next()){
if(incTasks.assignment_group == incGroup){
answer = true;
//Found match, no need to check any further
return answer;
}
else{
answer = false;
}
return answer;
}
To help others (or for me to help you more directly), please mark this response correct by clicking on Accept as Solution and/or Helpful.
Thanks, Robbie
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-11-2024 11:33 PM
Hi @Robbie sir, It's not working. could you please give me another reference script to me.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-12-2024 06:10 AM - edited 02-12-2024 06:15 AM
Hi @ vasantha Teja,
I did actually check this on my PDI (Personal Dev Instance) so I know it's working with a baseline configuration.
Please note that you could have other ACL's in place on the incident table as well which could be affecting the behavior.
Let's start with the ACL you've tried, can you share a screenshot please, and confirm you've placed it on the Incident table?
To help others (or for me to help you more directly), please mark this response correct by clicking on Accept as Solution and/or Helpful.
Thanks, Robbie
Script to copy:
var answer = false;
var incSysID = current.sys_id;
var incGroup = current.assignment_group;
var incTasks = new GlideRecord('incident_task');
incTasks.addQuery('incident.sys_id', incSysID);
incTasks.query();
while(incTasks.next()){
if(incTasks.assignment_group == incGroup){
answer = true;
//Found match, no need to check any further
return answer;
}
else{
answer = false;
}
return answer;
}
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-09-2024 05:56 AM
Hi @ vasantha Teja, as per my knowledge, the ACLs on parent table will be applied to child table unless there is any specific ACLs for the same action on the child table. Hence, your ACL on the incident_task will be applied only to that table which is working the sameway now. If you want to control the access on the incident records, you may need to create another ACL on the Incident.
Regards,
Sunil
