Personas are not working as expected.

rohinirc
Tera Contributor

‎07-20-2023 09:39 AM - edited ‎07-20-2023 11:17 PM

While working on Service Bridge Remote Record Producers. Tried using personas, below is the scenario:

I have 2 users Abel (Persona: Customer Admin) and Sbuser (Persona: Customer).

Remote Record Producer 1: Access Request (Persona: Customer) 

Remote Record Producer 2: Delete VM (Persona: Customer Admin) 

Abel can view both Access Request and Delete VM Catalog items.

Same is the use case with sbuser, that user can view both Access Request and Delete VM Catalog items.

 

rohinirc_0-1689870463220.png

 

 

rohinirc_1-1689870463230.png

 

 

Whereas it is expected that Abel should be able to view only Delete VM. and sbuser should be able to view only Access Request. So basically according to defined personas users should be able to view the items.

 

 

Have verified User criteria it does not have any different criteria.

 

Below is the default criteria for the Remote Record Producer:

 

rohinirc_2-1689870463234.png

 

 

Does the requester role is needed to service bridge user? Or What other Role is needed to any user so that service bridge catalog can be viewed according to the Personas defined.

 

Thanks in advance!

0 Helpfuls
  • 443 Views
4 REPLIES 4

BobbyNow
ServiceNow Employee
ServiceNow Employee

‎07-20-2023 12:52 PM

That User criteria is not correct. It is missing the check for persona and has a variable (user_id) with nothing setting it. In the latest version of SB the script looks like this:

var ucForRRP = new sn_nowebonding.SBUserCriteriaForRemoteRecordProducer();
answer = gs.hasRole('sn_nowebonding.requestor') && ucForRRP.validateUserPersona("<SYSID OF THE RRP>");

rohinirc
Tera Contributor
In response to BobbyNow

‎07-24-2023 10:58 AM

Thanks again for your reply! This screenshot is from latest Utah version. Is there any recent patch which has been applied by you? As this criteria is Read Only, I am not able to make the changes to it.

0 Helpfuls

BobbyNow
ServiceNow Employee
ServiceNow Employee

‎07-20-2023 04:21 PM - edited ‎07-20-2023 04:25 PM

One other thing is that the UC script you posted is part of the API used with Product Offering items. PO items do not use personas. Only Remote Record Producers use personas. Ensure that the catalog item you are trying to control access to is in fact on the RRP table. 

On the role question, SB Requestor is required to see all RRPs. If the RRP has one or more personas the user must also have at least one of those roles.

NOTE: Admins can see all items

ersureshbe
Giga Sage
Giga Sage

‎07-23-2023 11:16 AM

hi, if this requirement only for abel then you can configure the condition with employee number or user id and make it visible for Abel. Many users are associated with this config identify common value for that user and configure. If not then you should create the script and make it enable.

Regards,
Suresh.
0 Helpfuls