JavaScript conditions in ACL scopes

All ACL scopes provide the option to apply additional logic using JavaScript by enabling the “Use extra condition script” setting.

This mechanism allows you to refine access rights beyond the standard scope, items, and rights configuration.

Purpose of the extra condition script

The extra condition script is evaluated at runtime and determines whether the ACL rule applies in a specific context. It enables advanced, dynamic permission logic based on:

  • Values of other parts (fields)

  • Object metadata (such as phase or state)

  • User-related context

  • Relationships or document properties

  • Custom business rules that cannot be expressed with static ACL configuration

How it works

  • When Use extra condition script = No The ACL is applied purely based on scope, items, rights, and Personas.

  • When Use extra condition script = Yes The ACL is only applied if also the JavaScript expression evaluates to true.

If the script returns false, the ACL rule is ignored for that situation.

Script behavior

  • The script must return a boolean value (true or false).

  • JavaScript can reference parts, values, and system information using the available replace tokens (for example #REPLACE-PARTVALUE-…#).

  • The script does not replace the ACL configuration, but adds an extra conditional layer on top of it.

Typical use cases

Examples of when to use an extra condition script:

  • Grant edit rights only when the object is in a specific phase

  • Restrict access to documents based on a selected category

  • Allow certain Personas to act only if another field has a specific value

  • Apply different permissions depending on related object data

Important notes

⚠️ Best practice Use JavaScript conditions only when standard ACL configuration is insufficient. Overusing scripts can make access rules harder to understand and maintain.

⚠️ Debugging Incorrect or incomplete scripts may result in unexpected access behavior. Always test ACLs thoroughly after adding or changing JavaScript conditions.

Last updated

Was this helpful?