Prevent admin from overriding UI action conditions

 I have observed that the requires roles is automatically overridden by the admin role

to get around this:

- if the ui action (such as on sysapproval_approver) has an entry with requires roles = admin only (for example UI action with sys id 82183da3c3511200f7d1ca3adfba8f21), just disable it or replace with security_admin instead for elevated roles


- if the ui action as in the case of a custom button has something like this the admin role will automatically override it seems. Same applies to the condition field using gs.hasRole



to get around this, use one of these variants in the server script on the UI action to either allow security_admin only access or no access for admins:

//allow security admin access var sAllRoles = gs.getUser().getRoles(); var iChgAdm = sAllRoles.indexOf('change_manager'); var iCatAdm = sAllRoles.indexOf('catalog_admin'); var iSecAdm = sAllRoles.indexOf('security_admin'); if (iChgAdm < 0 && iCatAdm < 0 && iSecAdm < 0) { gs.addErrorMessage('you do not have the role'); action.setRedirectURL(current); return false; } //Or to remove altogether from admins use this script var sAllRoles = gs.getUser().getRoles(); var iChgAdm = sAllRoles.indexOf('change_manager'); var iCatAdm = sAllRoles.indexOf('catalog_admin'); var iSAdm = gs.hasRole('admin'); if (iChgAdm < 0 && iCatAdm < 0 && iSAdm > 0) { gs.addErrorMessage('you do not have the role'); action.setRedirectURL(current); return false; }

Comments

Popular posts from this blog

GlideRecord setValue

variable advanced reference qualifier example

URL link in addInfoMessage