Restrict Access to edit on catalog task if member/role is from XYZ assignment group
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-22-2024 04:25 AM
I am creating a SR TASK and assigning it to a XYZ group from a workflow, after SR TASK creation only members and roles of the XYZ Assignment group can modify / edit the SR TASK and everyone else can only view the record.
How can I achieve this?
Is there any other way to do so without using ACLs?
Thank you

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-22-2024 04:35 AM
Hi,
ACL is the easier way to do this. Other option is client script. You can call a Ajax Script and check whether the current user is member of the group. If not then set all the fields as read only.
Thank you,
Palani
Palani
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-22-2024 04:42 AM
Hi @SNewbies,
ACL is the best way to do this.
Here's a high-level example of what the ACL might look like:
- Name: Restrict Edit Access for XYZ Assignment Group
- Applies to: Catalog Task (or the specific table you're working with)
- Operation: Write
- Condition: When the current user's assignment group is XYZ
- Roles: Any roles that should be exempt from this restriction
- Actions: whatever action you want to take
Please mark my answer as correct or helpful if it helps you.
Thanks,
Kanhaiya
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-22-2024 05:04 AM
Lately, the number of questions related to solutions where ACL's are the best option, with the explicit request not to use ACL's is getting is huge.
What is your objection to using ACL's? It's a genuine question, because if you have something that can only be read by one party and written to by another, then you are absolutely talking about ACL's.
Of course it can be done differently. You can write a client script or scripted UI policy to get the same, but that's less secure (since those need to load) and you will still need to script the exact same thing as you need to in an ACL.
Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark