ACL to apply to only specific groups

Trideep
Tera Contributor

I have a scenario:
There are three assignment groups: Group A, Group B, and Group C.

Users in these groups all have the itil role.

RITMs (sc_req_item records) will be assigned to one of these three groups.

The requirement is that users should only see RITMs assigned to their own group:
->A user in Group A should only see RITMs assigned to Group A.
->A user in Group B should only see RITMs assigned to Group B.
->A user in Group C should only see RITMs assigned to Group C.

Users from one of these three groups should not see RITMs assigned to the other two groups.

This restriction should apply only to users in Group A, B, and C.

Other users (outside these three groups) should continue to see RITMs as allowed by the existing ACLs.

There are existing OOB read ACLs on the sc_req_item table that use roles like snc_internal.

Question:

How can I enforce this group-based visibility rule on RITMs, where users in Group A, B, or C can only see RITMs assigned to their own group, without modifying or removing the existing ACLs, and without affecting users outside these groups?

5 REPLIES

Hi @Masthan Sharif,

I was able to achieve it using a before query business rule. However, the issue is that when I submit the catalog form, the flow designer doesn't attach to the RITM, which means the query is applied even in the flow designer, so the flow designer does not get the RITM.
Is there any way to bypass the before query BR in the flow designer? Note: the flow designer runs as the system user.
I tried using gs.isInteractive() in the condition, but still no luck. Any suggestions would be appreciated. Thank you!
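
Added example, not part of the thread and not code posted by any participant: a sketch of the decision logic a before query business rule on sc_req_item could use for the requirement in the question, run against a stand-in for GlideRecord. The group sys_ids, the sample RITMs and the names `allowedGroupsFor`, `applyRestriction`, `FakeRitmQuery` and `visibleRitms` are assumptions; in this sketch a session with no membership in Group A, B or C gets no extra filter at all.

```javascript
// Constructed placeholders: real values would be the sys_ids of Group A, B and C.
const RESTRICTED_GROUPS = ['sysid_group_a', 'sysid_group_b', 'sysid_group_c'];

// Decide which assignment groups a user's sc_req_item queries are limited to.
// Returns null when the user is in none of the three groups, so no filter is
// added and the existing ACLs alone decide what that user can read.
function allowedGroupsFor(userGroupIds, restricted) {
  const mine = userGroupIds.filter((id) => restricted.includes(id));
  return mine.length > 0 ? mine : null;
}

// What the business rule body would do with that decision. `current` is the
// record being queried; in a real rule userGroupIds would be derived from
// gs.getUser().getMyGroups() (conversion to a string array is assumed here).
function applyRestriction(current, userGroupIds, restricted) {
  const allowed = allowedGroupsFor(userGroupIds, restricted);
  if (allowed !== null) current.addQuery('assignment_group', 'IN', allowed.join(','));
  return allowed;
}

// Minimal offline stand-in for GlideRecord; it only understands 'IN' filters.
class FakeRitmQuery {
  constructor(rows) { this.rows = rows; this.filters = []; }
  addQuery(field, op, csv) { this.filters.push({ field, values: csv.split(',') }); }
  results() {
    return this.rows
      .filter((r) => this.filters.every((f) => f.values.includes(r[f.field])))
      .map((r) => r.number);
  }
}

const SAMPLE_RITMS = [ // constructed records
  { number: 'RITM0001', assignment_group: 'sysid_group_a' },
  { number: 'RITM0002', assignment_group: 'sysid_group_b' },
  { number: 'RITM0003', assignment_group: 'sysid_group_c' },
  { number: 'RITM0004', assignment_group: 'sysid_other' },
];

// Simulate one query issued by a user with the given group memberships.
function visibleRitms(userGroupIds) {
  const query = new FakeRitmQuery(SAMPLE_RITMS);
  applyRestriction(query, userGroupIds, RESTRICTED_GROUPS);
  return query.results();
}

console.log(visibleRitms(['sysid_group_a']));                // member of Group A
console.log(visibleRitms(['sysid_group_b', 'sysid_other'])); // Group B plus another group
console.log(visibleRitms([]));                               // no memberships
```

A user who belongs to more than one of the three groups sees the RITMs of each of them in this sketch; whether that is acceptable is a policy decision the question does not settle.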