This article demonstrates how to configure Group Members (sys_user_grmember) edit capability, so that only the Group Manager is able to edit (as in add/remove) members from the group


Please keep in mind that this article falls beyond the scope of support as it is a customized implementation. Below are just suggestions for reference which we have provided here to help solve similar issues.

  1. Create (or modify) the three record ACLs for table - sys_user_grmember as perbelow:

    1.1 Configure a READ ACL for sys_user_grmember table
    1.2 Configure a WRITE ACL for sys_user_grmember table
    1.3 Configure a DELETE ACL for sys_user_grmember

    2. All above ACLs can have the same script code as per below: 

    var answer = false;
    if( (gs.hasRole('user_admin')) || ( == gs.getUserID() ) )
    { answer = true; }

    3. Configure a CREATE ACL for sys_user_grmember, since adding group member involves the many to many relationship on the saved record when using slushbucket.
    Below is the code suggestion to make the CREATE ACL work:

    var answer = validate();
    function validate(){
     if( gs.hasRole('user_admin') ) {
      return true;
      var manager =;

      if(manager !='' && manager == gs.getUserID())
      { //check in current relationship
        return true;
      else { //check in parent relationship
        var parentManager = parent.manager;
        var parentName =;
        if(parentManager == gs.getUserID() )
          return true;

Applicable Versions



Article Information

Last Updated:2019-05-21 11:51:09