3 Replies · Latest reply on Jan 12, 2018 2:29 PM by Steve Driscoll (OCLC)

    ACL to hide REQ if RITM(s) are from Security Sensitive Catalog Items.

      I have 6 catalog items that will contain SSI info. Let's say, Employee Termination. It would be used by a manager or HR for immediate termination, a "get ready to get walked out" kind of thing, so they lose access to the system immediately or at End of Day. So the ACL has to be tight and limited to the Opened_by, the Approving Manager and the Network Security Team. Don't log or email or show in Reports....

       

      I have an ACL on sc_req_item that uses a script and a system property that has all the sys_id's of the SSI catalog items. It's working. Looks something like this.

      !gs.getProperty(security_forms).includes(current.cat_item) ... and more logic to let in the people we want hasRole, isApproving....

       

      The part that is stopping me is writing the SC_Request ACL. The request's short description and the requested_for tell the story that Employee X was walked out, so I need to hide it from view, but I can't figure out how to write the ACL on sc_request because I can't read the sc_req_item.cat_item. I can't use glide as I assume record level would cripple the system.

       

      I tried Business Rules; that almost worked, but it wasn't very secure (I hacked around it in minutes) and it got in the way of WF actions like Approval and create SC_Task.

       

      So, I need some advice or ideas on hiding REQ if any of its RITMs are SSI. Maybe I can live with hiding the 3 fields, but that would have to be every place you can see REQ info.

       

      I'd rather not hack in some SSI true/false flag when I have the information in a related record.

       

      Thanks for the time
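
The access rule the post describes, written out as an added example that is not the poster's code: a plain-JavaScript model of "hide the REQ if any of its RITMs is SSI, except for the opener, the approver and the security team". It does not use the ServiceNow API; the record shapes, function names, role name and sys_id values are assumptions made for illustration.

```javascript
// Plain-JavaScript model of the rule in the post; not ServiceNow API code.
// All names here (SECURITY_FORMS, canReadRequest, role name) are hypothetical.

// Constructed stand-in for the system property: comma-separated sys_ids
// of the security-sensitive (SSI) catalog items.
const SECURITY_FORMS =
  "aaaa1111aaaa1111aaaa1111aaaa1111, bbbb2222bbbb2222bbbb2222bbbb2222";

// Split once into a Set so membership is an exact sys_id match.
function parseSsiItems(propertyValue) {
  return new Set(
    String(propertyValue || "").split(",").map((s) => s.trim()).filter(Boolean)
  );
}

// The people the post lets in: opener, approving manager, security team.
function isPrivileged(user, ritm) {
  return (
    user.sys_id === ritm.opened_by ||
    ritm.approvers.includes(user.sys_id) ||
    user.roles.includes("network_security") // hypothetical role name
  );
}

// RITM rule: non-SSI items pass through; SSI items require privilege.
function canReadRitm(user, ritm, ssiItems) {
  return !ssiItems.has(ritm.cat_item) || isPrivileged(user, ritm);
}

// Request rule: deny if ANY child RITM is unreadable to this user, so a
// mixed request (one SSI item plus ordinary items) is hidden as a whole.
// A request with no RITMs is left to the other ACLs (returns true).
function canReadRequest(user, requestId, ritms, ssiItems) {
  return ritms
    .filter((r) => r.request === requestId)
    .every((r) => canReadRitm(user, r, ssiItems));
}

// Constructed sample records: REQ1 mixes an SSI item with an ordinary one.
const RITMS = [
  { request: "REQ1", cat_item: "aaaa1111aaaa1111aaaa1111aaaa1111", opened_by: "hr1", approvers: ["mgr1"] },
  { request: "REQ1", cat_item: "cccc3333cccc3333cccc3333cccc3333", opened_by: "hr1", approvers: [] },
  { request: "REQ2", cat_item: "cccc3333cccc3333cccc3333cccc3333", opened_by: "bob", approvers: [] },
];
const itil = { sys_id: "itil1", roles: ["itil"] };
console.log(canReadRequest(itil, "REQ1", RITMS, parseSsiItems(SECURITY_FORMS)));
```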