Want to write script for the below use case

BoyaGaneshkumar
Tera Contributor

I want to write a script which will allow only the "requested by", "assigned to" and "Change manager role" users to edit the close code fields. Even for the admin users that field should be read-only; if the admin user is the requested by / assigned to, then only during that time they should be able to edit it.

3 ACCEPTED SOLUTIONS

Runjay Patel
Giga Sage

Hi @BoyaGaneshkumar ,

 

Create a write ACL with admin override unchecked and use the code below in your ACL script.

// Allow write access if the user is the requested_by, assigned_to, or has the 'change_manager' role
(function() {
    // Get the current user
    var currentUser = gs.getUserID();

    // Check if the user is the "requested by"
    if (current.requested_by == currentUser) {
        return true;
    }

    // Check if the user is the "assigned to"
    if (current.assigned_to == currentUser) {
        return true;
    }

    // Check if the user has the 'change_manager' role
    if (gs.hasRoleExactly('change_manager')) {
        return true;
    }

    // Deny access by default
    return false;
})();

 

 

-------------------------------------------------------------------------

If you found my response helpful, please consider selecting "Accept as Solution" and marking it as "Helpful." This not only supports me but also benefits the community.


Regards
Runjay Patel - ServiceNow Solution Architect
YouTube: https://www.youtube.com/@RunjayP
LinkedIn: https://www.linkedin.com/in/runjay

-------------------------------------------------------------------------


Juhi Poddar
Kilo Patron

Hello @BoyaGaneshkumar 

In addition to creating ACLs, a UI policy and a data policy could be another way to meet the requirements.

If you want to restrict users from editing the Close Code field on the form, you can achieve this using a UI Policy.

Steps to Implement on Form:

  1. Create a UI Policy:

    • Navigate to System UI > UI Policies and create a new UI Policy on the Change Request table.
    • Add a condition that always evaluates to true (e.g., state is not empty).
    • Set the Close Code field to be read-only by default.
  2. Add a UI Policy Script:

    • Use the following script to dynamically evaluate user permissions and control the editability of the field:

(function executeRule() {
    var canEdit = false;
    var userSysId = g_user.userID;
    var requestedBy = g_form.getValue('requested_by');
    var assignedTo = g_form.getValue('assigned_to');

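    // Allow users who hold the "Change Manager" role itself to edit.
    // g_user.hasRole() also returns true for admin, so hasRoleExactly() is used
    // to keep the field read-only for admins who are not otherwise eligible.
    if (g_user.hasRoleExactly('change_manager')) {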
        canEdit = true;
    }

    // Allow users if they are the requested_by or assigned_to
    if (userSysId === requestedBy || userSysId === assignedTo) {
        canEdit = true;
    }

    // Set the read-only state of the Close Code field
    g_form.setReadonly('close_code', !canEdit);
})();

 

For List View:

If you want to enforce the same restrictions in the list view, you can use a Data Policy:

  • Create a Data Policy on the Change Request table.
  • Set the Close Code field to read-only by default.
  • Add conditions to make it editable only for:
    • The Requested By user.
    • The Assigned To user.
    • Users with the Change Manager role.

Outcome:

  • The Close Code field will be read-only for all users except:
    • Requested By
    • Assigned To
    • Users with the Change Manager role
  • Even admins will not be able to edit the field unless they meet one of the above conditions.

"If you found my answer helpful, please like and mark it as an "accepted solution". It helps others find the solution more easily and supports the community!"

 

Thank You
Juhi Poddar


@BoyaGaneshkumar 

Thank you for marking my response as helpful.

As per new community feature you can mark multiple responses as correct.

If my response helped please mark it correct as well so that it benefits future readers.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader


4 REPLIES 4

Ankur Bawiskar
Tera Patron

@BoyaGaneshkumar 

You can use a field-level WRITE ACL and use the advanced script section.

Ensure admin override is unchecked.

Something like this in the script:

var userId = gs.getUserID();
var isRequestedBy = (current.requested_by == userId);
var isAssignedTo = (current.assigned_to == userId);
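// gs.hasRole() also returns true for admin users; hasRoleExactly() matches only the named role
var isChangeManager = gs.hasRoleExactly('change_manager');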

answer = isRequestedBy || isAssignedTo || isChangeManager;

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader
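
Why the choice of role check decides the admin requirement in this thread, as an added example that is not part of any post above: a plain-JavaScript model (runnable in Node, not ServiceNow code) in which `hasRole` also passes for admin and `hasRoleExactly` passes only for the named role. The user objects, record and sys_id values are constructed for illustration.

```javascript
// Constructed model of the two role checks (not the platform's implementation).
// hasRole: true for the named role OR for admin. hasRoleExactly: named role only.
function makeUser(sysId, roles) {
  return {
    sysId: sysId,
    hasRole: function (r) { return roles.includes(r) || roles.includes('admin'); },
    hasRoleExactly: function (r) { return roles.includes(r); }
  };
}

// The thread's write rule for close_code, with the role check selectable.
function canWriteCloseCode(user, record, roleCheck) {
  if (record.requested_by === user.sysId) return true;
  if (record.assigned_to === user.sysId) return true;
  return user[roleCheck]('change_manager');
}

// Constructed sample record and users.
var record = { requested_by: 'u_req', assigned_to: 'u_asg' };
var users = {
  requester: makeUser('u_req', []),
  assignee: makeUser('u_asg', ['itil']),
  manager: makeUser('u_mgr', ['change_manager']),
  admin: makeUser('u_adm', ['admin']),
  adminRequester: makeUser('u_req', ['admin']),
  other: makeUser('u_oth', ['itil'])
};

// Evaluate every sample user against the record with the given role check.
function decisionTable(roleCheck) {
  var out = {};
  Object.keys(users).forEach(function (name) {
    out[name] = canWriteCloseCode(users[name], record, roleCheck);
  });
  return out;
}

console.log('hasRole       ', decisionTable('hasRole'));
console.log('hasRoleExactly', decisionTable('hasRoleExactly'));
```

The only row that differs between the two tables is the admin who is neither requester nor assignee, which is the case the original question asks to be read-only.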
