Limit the visibility of Incident record based on caller field
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
a week ago
Incident raised a particular caller should be visible only to the current assignment group and support group of the ci and for some particular roles. We have created a before query business rule to implement this but it is not working when we are dot walking through current object. Also we tried with acl that too didn't work. Can anyone please provide a solution.
Below is my BR:(function
executeRule(current, previous /*nul] when async*/ ) (
var answer = gs.getUser(). isMember0f(current.assignment_group.tostring())||gs.getUser().isMember0f(sys_id) || gs.getUser().isMemberof(current.
cmdb_ci. support_group.tostring()) || gs.hasRole('service_desk');
if (answer) {
current. addEncodedQuery('caller_id=sys_id');
}else[
current. addEncodedQuery(' caller_id!=sys_id);
}) (current, previous);
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
a week ago
Hey @Helan
Before query business rules don't have access to field values with the current object since the database information has not been retrieved at that point. You can add to the query but not get "current" record data. If the caller and the assignment groups are static, then something like this should work on the business rule:
var user = gs.getUser();
var answer = user.isMemberOf(<assignment group a>) || user.isMemberOf(<assignment group b>) || user.isMemberOf(<assignment group c>) || user.hasRole('service_desk');
if (!answer) {
//repeat for each user if needed
current.addEncodedQuery('caller_id!=<users sys>');
}
Ideally this would be done in an ACL with some scripting for the record values if they are more dynamic. What was the issue you encountered with the ACL?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
a week ago
ACL didn't work,the incident was visible for all the users. And also the current assignment group and the CI varies for the Incidents
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
a week ago
Hi @Helan
Try with this Before Query BR
(function executeRule(current, previous /*null when async*/) {
if (gs.hasRole('admin') || gs.hasRole('itil_admin') || gs.hasRole('service_desk')) {
return;
}
var user = gs.getUserID();
var userGroups = gs.getUser().getMyGroups();
var qc = current.addNullQuery('sys_id');
qc.addOrCondition('caller_id', user);
qc.addOrCondition('assignment_group', 'IN', userGroups);
qc.addOrCondition('cmdb_ci.support_group', 'IN', userGroups);
})(current, previous);
Regards
Tanushree Maiti
ServiceNow Technical Architect
LinkedIn: https://www.linkedin.com/in/tanushreemaiti
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
a week ago
An acl can work for this and is a better option than a before query business rule since the conditions are dynamic. We use acl's for similar use cases. You can store the logic mapping in something like a decision table and reference that in the acl script. You could also use a script include or system property but overall the business rule is not the best option for this.
