
Visibility of records based on group membership

Srikanth Menava
Kilo Sage

Hello community experts,
I have a question, so here it goes. I have a case table with multiple cases. I want members of an assignment group with the prefix "LEGAL" to be able to see the cases that belong to their service ('service = Legal request'), and other users should not see them but should see all other cases in list view. I want to do it in CSM workspace.

So I tried to do it with a query BR on the case table:
 

(function executeRule(current, previous /*null when async*/) {
    var userId = gs.getUserID();

    // Collect all groups for this user
    var groupIds = [];
    var grMember = new GlideRecord('sys_user_grmember');
    grMember.addQuery('user', userId);
    grMember.query();
    while (grMember.next()) {
        var group = grMember.group;
        if (group && group.name.startsWith("LEGAL")) {
            groupIds.push(group.sys_id.toString());
        }
    }

    if (groupIds.length === 0) {
        // Not in any LEGAL group → hide legal Requests
        current.addQuery('service', '!=', 'Legal Request');
    } else {
        // In a LEGAL group → only show cases assigned to their legal groups OR non legal request.
        var qc = current.addQuery('service', '!=', 'Legal Request');
        qc.addOrCondition('assignment_group', 'IN', groupIds);
    }

})(current, previous);

But it is not working. Can anyone gimme pointers on what I am doing wrong?

PS: I thought about writing an ACL because it is record-level access, but I see another OOB ACL is already giving role-based access to all the records in the table. Since a before query business rule takes precedence over ACL, I'm going the business rule route. Please correct me if I am wrong.

14 REPLIES

@Srikanth Menava 

I think I know why nothing has worked so far. Please try the script below and let me know if it works. I've modified Ankur's original script a bit to include records that don't have a service defined. If you have cases where a service isn't defined, SQL will exclude those records. I forget the specifics of why, but here's a KB article from ServiceNow discussing it:

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0596161

(function executeRule(current, previous /*null when async*/ ) {
    var userId = gs.getUserID();
    var groupIds = [];

    var grMember = new GlideRecord('sys_user_grmember');
    grMember.addQuery('user', userId);
    grMember.query();
    while (grMember.next()) {
        var groupName = grMember.group.name.toString();
        if (groupName.startsWith('LEGAL')) {
            groupIds.push(grMember.group.toString());
        }
    }

    if (groupIds.length === 0) {
        // User not in any LEGAL group: exclude Legal Request service cases only
        current.addEncodedQuery('service.name!=Legal Request^ORservice=NULL');
    } else {
        // User in LEGAL group(s)
        // Build encoded query:
        // Show cases where service is not Legal Request
        // OR service is Legal Request AND assignment_group in legal groups
        var legalGroupsStr = groupIds.join(',');
        var encodedQuery = 'service.name!=Legal Request^ORservice=NULL^NQservice.name=Legal Request^assignment_groupIN' + legalGroupsStr;
        current.addEncodedQuery(encodedQuery);
    }
})(current, previous);
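
An added example, not part of the original thread or any poster's code: the visibility policy the script above aims for, written as a plain JavaScript predicate next to a builder for the same encoded query, so the intended rule can be checked against a constructed case matrix outside the instance. The function names, the group shape, the sample sys_ids and the rows are all constructed for illustration, and `sqlNotEquals` models standard SQL NULL comparison, not ServiceNow internals.

```javascript
// Added example: plain Node.js, no ServiceNow APIs; every sys_id and row is constructed.
const LEGAL_SERVICE = 'Legal Request';

// Build the encoded query from a user's group memberships.
// groups: [{ sys_id, name }] (hypothetical shape for this example)
function buildCaseQuery(groups) {
  const legalIds = groups
    .filter((g) => typeof g.name === 'string' && g.name.startsWith('LEGAL'))
    .map((g) => g.sys_id)
    .filter((id) => /^[0-9a-f]{32}$/.test(id)); // only well-formed sys_ids reach the query
  const nonLegal = 'service.name!=' + LEGAL_SERVICE + '^ORservice=NULL';
  if (legalIds.length === 0) return nonLegal; // fail closed: no legal cases at all
  return nonLegal + '^NQservice.name=' + LEGAL_SERVICE +
    '^assignment_groupIN' + legalIds.join(',');
}

// SQL-style "!=": a comparison against NULL is unknown, so the row is not selected.
function sqlNotEquals(value, literal) {
  return value === null ? false : value !== literal;
}

// Reference predicate: (not legal OR no service) OR (legal AND in one of the user's groups).
function isVisible(caseRow, legalIds) {
  const nonLegal = sqlNotEquals(caseRow.service, LEGAL_SERVICE) || caseRow.service === null;
  const ownLegal = caseRow.service === LEGAL_SERVICE &&
    legalIds.includes(caseRow.assignment_group);
  return nonLegal || ownLegal;
}

// Constructed sample data; "service" holds the service name for readability.
const GROUP_A = 'a'.repeat(32);
const GROUP_B = 'b'.repeat(32);
const cases = [
  { number: 'CS001', service: 'Legal Request', assignment_group: GROUP_A },
  { number: 'CS002', service: 'Legal Request', assignment_group: GROUP_B },
  { number: 'CS003', service: 'HR Request', assignment_group: GROUP_B },
  { number: 'CS004', service: null, assignment_group: null },
];

function visibleNumbers(legalIds) {
  return cases.filter((c) => isVisible(c, legalIds)).map((c) => c.number);
}

// The same filter without the explicit NULL clause: the case with no service disappears.
function visibleWithoutNullClause() {
  return cases.filter((c) => sqlNotEquals(c.service, LEGAL_SERVICE)).map((c) => c.number);
}

console.log(visibleNumbers([]), visibleNumbers([GROUP_A]), visibleWithoutNullClause());
```

Running the same matrix against real test users in a sub-production instance confirms whether the business rule and the predicate agree.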

 

k_lutz
Tera Guru

Hello Srikanth,

 

There might be several issues here but normally I like to try and fix things piece by piece. The first I see that may not be working as expected is this line:

current.addQuery('service', '!=', 'Legal Request');

and this line:

var qc = current.addQuery('service', '!=', 'Legal Request');

Service is most likely a reference field...so you would want to check for the sys_id and not the text unless dotwalking like service.name.

 

Once that is addressed, make sure you are getting all the cases you want for one type of user and what should appear for another type.

ServiceNow best practices advise against hardcoding sys_ids unless it's absolutely necessary, especially in instances where you can use other means to find what you're looking for. 

Hi Monique,

Yes, the person could place it in a system property or other method to not hard-code it but ServiceNow does it themselves. This is an OOB business rule and I am sure there are other examples in script include.

[Screenshot attachment: k_lutz_0-1762186673463.png]

 

I didn't say that ServiceNow says don't use it at all, nor that they don't use it themselves. I said they advise against it if you have other options. There are other options to solve this problem, and I want the OP to know that hardcoding a sys_id is not only unnecessary in this case but also against best practices (when other options exist).