How to restrict records access based on group?

Alberto18
Tera Expert

We have this requirement where we are to restrict records based on the group a user is a member of. Say we have Group A, Group B, and Group C. We want Group A to have full access to records. Group B and Group C should only be accessing records assigned to their group.

What is the best approach to achieve this? Thank you!

1 ACCEPTED SOLUTION

I think this script is overcomplicated because:

  1. You only need this restriction for Group B and Group C, so it's better to add these conditions in the Condition field instead.
    Don't forget to replace the group names in the conditions.
  2. You just need one line in the script. I showed 2 options in the code; both work.
    The script will show them only tickets assigned to their groups.

Could you please try the following BR?

When: Before
Query: True
Condition: gs.getSession().isInteractive() && (gs.getUser().isMemberOf("Group B Name") || gs.getUser().isMemberOf("Group C Name"))

Script:
// Copied from list view; works perfectly fine
// Assignment group is (dynamic) One of My Groups
current.addEncodedQuery("assignment_groupDYNAMICd6435e965f510100a9ad2572f2b47744");

// Could also use the following line if you like
//current.addQuery("assignment_group","IN",gs.getUser().getMyGroups().toArray().join(","));

 

-Tanaji

Please mark response correct/helpful if applicable
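
The before-query rule described above, as an added example that runs in Node and is not code from the thread or from ServiceNow: `mockGs` and `mockCurrent` are hypothetical stand-ins for the platform's `gs` and `current` objects, the group names are the question's placeholders, and the Group A exemption for users who belong to several groups is an assumption taken from the stated requirement.

```javascript
// Added example: simulates the before-query business rule outside ServiceNow.
// mockGs/mockCurrent are hypothetical stand-ins, not the real Glide API.
const RESTRICTED = ["Group B", "Group C"]; // placeholder names from the question
const FULL_ACCESS = "Group A";

// Stand-in for gs. Simplification: groups are identified by name here,
// whereas getMyGroups() on the platform returns group sys_ids.
function mockGs(groups, interactive = true) {
  return {
    getSession: () => ({ isInteractive: () => interactive }),
    getUser: () => ({
      isMemberOf: (name) => groups.includes(name),
      getMyGroups: () => groups.slice(),
    }),
  };
}

// Stand-in for `current` in a query rule: records the filters that get added.
function mockCurrent() {
  const filters = [];
  return { filters, addQuery: (field, op, value) => filters.push({ field, op, value }) };
}

// Condition and script of the rule combined in one function.
function beforeQuery(gs, current) {
  const user = gs.getUser();
  if (!gs.getSession().isInteractive()) return; // same scope as the thread's condition
  if (user.isMemberOf(FULL_ACCESS)) return;     // assumption: Group A wins on overlap
  if (!RESTRICTED.some((g) => user.isMemberOf(g))) return;
  current.addQuery("assignment_group", "IN", user.getMyGroups().join(","));
}

// Record numbers the filtered list would return for a user with these groups.
function visibleRecords(groups, records, interactive = true) {
  const current = mockCurrent();
  beforeQuery(mockGs(groups, interactive), current);
  return records
    .filter((r) => current.filters.every((f) => f.value.split(",").includes(r.assignment_group)))
    .map((r) => r.number);
}

const SAMPLE = [ // constructed records
  { number: "INC001", assignment_group: "Group A" },
  { number: "INC002", assignment_group: "Group B" },
  { number: "INC003", assignment_group: "Group C" },
];
```

Calling `visibleRecords(["Group B"], SAMPLE, false)` returns every record: sessions that are not interactive skip the rule, so those paths are filtered only by whatever other access controls apply.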


8 REPLIES

Alberto18
Tera Expert

This is how I achieved the requirement using a BR. Is there a better way to achieve this?

Condition: gs.getSession().isInteractive()

Script:

(function executeRule(current, previous /*null when async*/) {

    // Collect the sys_ids of every group the current user belongs to
    var myUserObject = gs.getUser();
    var myUserGroups = myUserObject.getMyGroups();
    var groupsArray = [];
    var it = myUserGroups.iterator();
    while (it.hasNext()) {
        groupsArray.push(it.next());
    }

    // Encoded query: assignment group is one of the user's groups
    var qc = 'assignment_group.sys_idIN' + groupsArray.join(',');

    // Restrict the query if the user is a member of the first restricted group
    var groupMemberGRSK = new GlideRecord('sys_user_grmember');
    groupMemberGRSK.addQuery('group', '=', '<sys_id>');
    groupMemberGRSK.addQuery('user', '=', gs.getUserID());
    groupMemberGRSK.query();
    if (groupMemberGRSK.next()) {
        current.addEncodedQuery(qc);
    }

    // Same check for the second restricted group
    var groupMemberGRMB = new GlideRecord('sys_user_grmember');
    groupMemberGRMB.addQuery('group', '=', '<sys_id>');
    groupMemberGRMB.addQuery('user', '=', gs.getUserID());
    groupMemberGRMB.query();
    if (groupMemberGRMB.next()) {
        current.addEncodedQuery(qc);
    }

})(current, previous);


It worked perfectly! Thanks Tanaji!

Priyanka Chandr
Mega Guru

Hi Alberto,

Refer to the link below

https://docs.servicenow.com/bundle/newyork-security-management/page/product/secops-integration-vr/qualys/task/restrict-write-by-assign-group.html

If applicable, kindly mark it correct and helpful

Thanks and regards

Priyanka Patil