I want to control viewing of the Incident table when specific conditions are met

02-26-2025 03:35 AM
I am creating a Business Rule to restrict access to the Incident table.
1. The user is not a system user.
2. The user is an interactive user.
3. The user is not a member of a specific group.
4. The user is not the Caller.
5. The user is not on the Watch list.
If all these conditions are met, I want users to be able to view Incidents where the “Short description” is not a “specific name” or is empty.
I was able to specify conditions for 1 to 3, but I’m having trouble with 4 and 5.
Condition:
    gs.getUserName() != 'system' && gs.isInteractive() == true && gs.getUser().getMyGroups().indexOf('<specific group sys_id>') == -1
Script:
    (function executeRule(current, previous /*null when async*/) {
        var QueryString1 = 'short_descriptionNOT LIKE <specific name>^ORshort_descriptionISEMPTY';
        current.addQuery(QueryString1);
    })(current, previous);
Even when I rewrite the condition as follows, it doesn’t work:
    gs.getUserName() != 'system' && gs.isInteractive() == true && gs.getUser().getMyGroups().indexOf('<specific group sys_id>') == -1 && current.caller_id != gs.getUserID() && current.watch_list.indexOf(gs.getUserID()) == -1
Does anyone know how I can achieve this?
- Labels: business rule, Incident

02-26-2025 11:02 PM
I've updated my business rule to your recommendation, but it didn't work well. When I debug, it seems that current.caller_id on the script is not working (output is empty string).
02-26-2025 11:10 PM
If the Business Rule is running before the caller_id is set, then current.caller_id will be empty. If you're using the Before Business Rule, ensure that the caller_id field is set in the incident record before the rule runs. If not, you might want to try using an After Business Rule.
If you continue to encounter issues with the caller_id, you may want to look into whether the field is being set correctly on incident creation or review the ServiceNow logs to identify any possible issues with record creation.

02-26-2025 11:35 PM
This Business Rule is not related to the creation of the record, but it works when a user sees a record on record view or list view, which means that every record already has a caller_id.
02-27-2025 12:08 AM
If that's the case, it should print the caller_id.
To prevent a user from viewing records, you can use Access Control Rules (ACLs). ACLs provide a way to restrict read or write access to records based on conditions such as caller_id, groups, or watch lists.
Create an ACL for the Incident table:
- Set the Type to Record and Operation to Read (because you want to restrict view access).
- Select the Table to be Incident.
- In the Condition Script of the ACL, add the logic to restrict visibility based on the conditions you outlined.
    (function() {
        var user = gs.getUser();
        // Allow the caller to view the record.
        // caller_id holds a sys_id, so compare it with the user's sys_id, not the user object.
        if (current.caller_id == user.getID()) {
            return true;
        }
        // Allow members of the specific group
        if (user.getMyGroups().indexOf('<specific_group_sys_id>') !== -1) {
            return true;
        }
        // Allow users who are on the watch list
        if (current.watch_list.indexOf(user.getID()) !== -1) {
            return true;
        }
        // Everyone else sees the record only when the short description
        // is not the "specific name" (an empty value is also allowed)
        var shortDescription = current.short_description.toString();
        if (shortDescription === 'specific name') {
            return false; // Hide records carrying the specific name
        }
        return true; // Allow by default
    })();

02-27-2025 02:13 AM
Is the setting correct? I also set script condition and saved, but it didn't work as well.
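
Why conditions 4 and 5 behave differently from 1 to 3, as an added example that is not code from any post in this thread: assuming the rule runs as a before-query Business Rule on Incident, `current` is the query being built and carries no field values, so per-record checks have to become OR branches of the filter. The function names are hypothetical, and the group sys_id and name are the thread's own placeholders.

```javascript
// Added example; assumes a "before query" Business Rule on the incident table.
// Function names are hypothetical; the two constants are the thread's placeholders.
var EXEMPT_GROUP = '<specific group sys_id>';
var RESTRICTED_NAME = '<specific name>';

// Conditions 1-3 describe the session, so they can be evaluated up front.
function sessionIsRestricted(gs) {
    return gs.getUserName() != 'system' &&
        gs.isInteractive() == true &&
        gs.getUser().getMyGroups().indexOf(EXEMPT_GROUP) == -1;
}

// Conditions 4-5 describe each row. In a query rule `current` is the query
// being built, so current.caller_id is empty; the row checks become OR
// branches of the filter instead of tests in the Condition field.
function buildVisibilityQuery(userSysId, restrictedName) {
    // '^' separates encoded-query terms; refuse values that would add terms.
    if (/\^/.test(userSysId) || /\^/.test(restrictedName)) {
        throw new Error('value must not contain ^');
    }
    return [
        'caller_id=' + userSysId,          // the user is the Caller
        'watch_listLIKE' + userSysId,      // the user is on the Watch list
        'short_descriptionNOT LIKE' + restrictedName,
        'short_descriptionISEMPTY'
    ].join('^OR');
}

// Body of the Business Rule script: filter only restricted sessions.
function applyIncidentFilter(current, gs) {
    if (!sessionIsRestricted(gs)) {
        return false; // system, non-interactive, or exempt group: no filter
    }
    current.addEncodedQuery(buildVisibilityQuery(gs.getUserID(), RESTRICTED_NAME));
    return true;
}

// Inside ServiceNow the rule script would call:
//   applyIncidentFilter(current, gs);
```

Because `^OR` joins the four terms into one OR group, the group is ANDed with whatever filter the list already carries.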