Table level ACL is restricting field level ACL

Go to solution
Community Alums
Not applicable

‎02-12-2024 12:30 AM

Hi Team,

 

We have written an ACL to have RW access to a field in Customer_account table. But there is an ACL which is customer_account.* which is having another role and its not allowing to modify/edit that field.Below is the * level ACL

Ankur20_0-1707726512014.png

 

 

Actually the requirement is for certain groups only should edit that field therefore we cannot give the role of ACl having customer_account.*

 

Below is the field level ACL. Below ACL is blocked/skipped.

Ankur20_1-1707726566232.png

 

Can you tell how to achieve this?

0 Helpfuls
  • 1,013 Views
1 ACCEPTED SOLUTION

Go to solution
Aman Kumar S
Kilo Patron

‎02-12-2024 01:27 AM

Hi @Community Alums 

The ACLs are fine, even if * ACL doesn't allow, field level ACLs should explicilty allow field specific access.

Now coming to the script, what I see you are iterating through the loop, and since you have multiple sys_ids, your code should return true as soon as your script is concluded.

Try below script:

 

answer = checkGroup();
function checkGroup(){
 var groups = gs.getProperty('edit.account.fields");
 var grp groups.split(',');
for (var i=0; i < grp.length; i++) {
      if (gs.getUser().IsMemberOf(grp[i])) {
              return true;
       }
 }
 return false;
}
Best Regards
Aman Kumar

View solution in original post

0 Helpfuls
2 REPLIES 2

Go to solution
SunilKumar_P
Giga Sage

‎02-12-2024 01:11 AM

Hi @Community Alums, Can try adding break after line 6 (answer = true)? If you dont add break, the script loop through all the groups present in that system property and if the last group (loop) gets evaluated to false, the access will not be granted so you can insert a break method and with this if the script returns true ant any point, the script will not run further and will grant the access.

 

Regards,

Sunil

0 Helpfuls

Go to solution
Aman Kumar S
Kilo Patron

‎02-12-2024 01:27 AM

Hi @Community Alums 

The ACLs are fine, even if * ACL doesn't allow, field level ACLs should explicilty allow field specific access.

Now coming to the script, what I see you are iterating through the loop, and since you have multiple sys_ids, your code should return true as soon as your script is concluded.

Try below script:

 

answer = checkGroup();
function checkGroup(){
 var groups = gs.getProperty('edit.account.fields");
 var grp groups.split(',');
for (var i=0; i < grp.length; i++) {
      if (gs.getUser().IsMemberOf(grp[i])) {
              return true;
       }
 }
 return false;
}
Best Regards
Aman Kumar
0 Helpfuls