Hello, i am stuck trying to write a data partition constraint that will allow me to restrict users from only viewing tickets that are assigned to their ORG. Currently right now we are doing this by group with the following.
Call_Req NOT (group.last_name IN ('GroupName)
I would like to accomplish this by Organization not by Group due to the number of groups that we have I have tried the following but its not working
Call_Req NOT (organization.org_num IN ('ORGName')
assignee.organization = @root.organization
Can you share the actual constraint you are using - possibly a screenshot?
I am trying to understand if you are trying to restrict it such that the logged in user has to be in the organization which is specified on the ticket.
As a side note - i see you are attempting to use org_num IN ... but the org number would never be in the Org Name, so that def. wont work.
Let us know a bit more about what you are doing here.
@ddorben - did that do the trick for you?
Thanks Chi, so just for my newbie knowledge the full syntax would be
Call_Req assignee.organization = @root.organization
So what you described is exactly what we want to do. Basically if a user is a part of the the IT ORG lets say then the data partition constraint should be written to allow him to only see tickets that have the IT ORG assigned to it. Currently right now we are restricting the users view of tickets but were doing it by group. And on top of that were using a NOT condition which is worse because i have to specify all the groups that the user does not belong to in order to restrict him to only the group he is in. This gets difficult to manage
Hrm - yeah this is a lot of maintenance whether you are using org or group truthfully. I would have to play around with it for Org to see if I can get it working. Whats odd is that i dont see @root.id there which is the attribute for the "logged in user" - usually it would be something like "group.group_list.member IN (@root.id)" which would specify that the logged in user must be a member of the group which is on the ticket in order for that user to see that ticket.
Now of course this only works if you are basing the policy on the org or group that is on the ticket, and the user belonging to that group or org, rather than trying to accomplish something like "only certain orgs can see certain other orgs tickets...." type of thing.
Let me know if this helps point you in the right direction at all.
Drew, glad it helped. I believe it takes a little time longer you will be very good at it. Thanks _Chi
No dice , it doesn't seem to like that statement.
Yea i understand, restricting by ORG since we only have 7 ORGS is not too hard for us at least. So what your saying is this is not straightforward and needs a lot of work? Kind of like everything else in ServiceDesk lol.. Just kidding
please simply use "
if you put Call_Req in front of it you would get the error
Hey hey be nice
I dont think its super complicated - the difference is that with group its a Many-to-One relationshp where as org is a one-to-one. The group memberships are held in a separate table, where as org is a direct SREL single relationship. I would have to figure out the way to write the constraint for that - let me play around with it and get back to you...
Thanks so much Jon this would be a huge assist.
I get this same error message below when i put in the constraint either way.
Okay so this did work however it slowed my scoreboard to a crawl so i had to revert back but thank you all for the help!!
Try dropping the double quotes around the constraint clause. They're not needed.
I did and now it won't let me save it because i am getting a duplicate record error but the record doesn't exisit. UGH.. haha. Appreciate all your help guys!
I believe you can only have one constraint of a given type per table in any data partition. So you will have to edit the existing View constraint on Call_Req in the IT Management data partition and replace the constraint text with your new text.
In addition, check to see for Data Partition "IT Management" if you might have an inactive constraint for table: Call_Req, Constraint Type: View. We have seen DP's not take because an inactive entry exists.
@ddorben - were you able to add your constraint to the existing view constraint on the cr object? Did it work for you?