Visibilty of records based in group membership
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Monday
Hello community experts,
I have a question. So here it goes, I have a case table with multiple cases, Now I want members from assignment group with prefix "LEGAL" should be able to see the cases that belong to their service 'service = Legal request' and other users should not see them but should see all other cases in list view. I want to do it CSM workspace
So I tried to do it with query BR on case table
(function executeRule(current, previous /*null when async*/) {
var userId = gs.getUserID();
// Collect all groups for this user
var groupIds = [];
var grMember = new GlideRecord('sys_user_grmember');
grMember.addQuery('user', userId);
grMember.query();
while (grMember.next()) {
var group = grMember.group;
if (group && group.name.startsWith("LEGAL")) {
groupIds.push(group.sys_id.toString());
}
}
if (groupIds.length === 0) {
// Not in any LEGAL group → hide legal Requests
current.addQuery('service', '!=', 'Legal Request');
} else {
// In an legal → only show cases assigned to their legal groups OR non legal request.
var qc = current.addQuery('service', '!=', 'Legal Request');
qc.addOrCondition('assignment_group', 'IN', groupIds);
}
})(current, previous);But It is not working, Can anyone gimme pointers on where I am doing wrong.
PS: I thought about writing an ACL because it is a record level access but I see another OOB ACL is already giving the role base access to all the records in the table. Since before query business rule takes precedence over ACL. I'm going in the business so route. Please correct me if I am wrong.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Monday
if Legal Request is exact value to compare against service then this should work
(function executeRule(current, previous /*null when async*/ ) {
var userId = gs.getUserID();
var groupIds = [];
var grMember = new GlideRecord('sys_user_grmember');
grMember.addQuery('user', userId);
grMember.query();
while (grMember.next()) {
var groupName = grMember.group.name.toString();
if (groupName.startsWith('LEGAL')) {
groupIds.push(grMember.group.toString());
}
}
if (groupIds.length === 0) {
// User not in any LEGAL group: exclude Legal Request service cases only
current.addEncodedQuery('service!=Legal Request');
} else {
// User in LEGAL group(s)
// Build encoded query:
// Show cases where service is not Legal Request
// OR service is Legal Request AND assignment_group in legal groups
var legalGroupsStr = groupIds.join(',');
var encodedQuery = '^NQservice!=Legal Request^ORservice=Legal Request^assignment_groupIN' + legalGroupsStr;
current.addEncodedQuery(encodedQuery);
}
})(current, previous);💡 If my response helped, please mark it as correct ✅ and close the thread 🔒— this helps future readers find the solution faster! 🙏
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Monday
I just tried to be over smart and change the names of the services
But here is script with the changed names but it is not working
(function executeRule(current, previous /*null when async*/ ) {
var userId = gs.getUserID();
var groupIds = [];
var grMember = new GlideRecord('sys_user_grmember');
grMember.addQuery('user', userId);
grMember.query();
while (grMember.next()) {
var groupName = grMember.group.name.toString();
if (groupName.startsWith('CSM - ORR')) {
groupIds.push(grMember.group.toString());
}
}
if (groupIds.length === 0) {
// User not in any LEGAL group: exclude Legal Request service cases only
current.addEncodedQuery('service!=Open Records Request');
} else {
// User in CSM - ORR group(s)
// Build encoded query;
// Show cases where service is not Open Records Request
// OR service is Open Records Request AND assignment_group in CSM - ORR groups
var legalGroupsStr = groupIds.join(',');
var encodedQuery = '^NQservice!=Open Records Request^ORservice=Open Records Request^assignment_groupIN' + legalGroupsStr;
current.addEncodedQuery(encodedQuery);
}
})(current, previous);
can you see whats wrong.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Monday
sorry but we don't have access to your instance and table
service field is reference type? share dictionary screenshots
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Monday
yes, Service field is a reference field.
I have to following script working.
(function executeRule(current, previous /*null when async*/) {
var user = gs.getUser();
// Admins see everything
if (user.hasRole('admin')) {
return;
}
var userId = user.getID();
var inORR = false;
// Check if user is in any CSM - ORR group
var grMember = new GlideRecord('sys_user_grmember');
grMember.addQuery('user', userId);
grMember.addQuery('group.name', 'STARTSWITH', 'CSM - ORR');
grMember.query();
if (grMember.hasNext()) {
inORR = true;
}
// sys_id of Open Records Request service
var ORRServiceSysId = '2cc8c5da1b5766105b3c6288b04bcbc8';
if (!inORR) {
// Exclude Open Records Request by sys_id
// OR service is empty (null)
var qc = current.addQuery('service', '!=', ORRServiceSysId);
qc.addOrCondition('service', '');
}
// ORR members see all Open Records Request cases — no filtering needed
})(current, previous);but i dont want to use the sys_id as mentioned below.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Monday
