Access restriction to a Catalog item

Venkatesh5 · ‎04-24-2017

Hi All,

I have scenario. where I have to restrict users to view the Catalog items in Serviceportal based on the level(a custom field value from sys_user form) configured to the user. Below is the code and it is not working as expected. I am not able to view the gs.log() content under System log--> All which is written on below code.

Please share your thoughts to figure out the issue.

Thanks

Venkatesh.P

reginabautista · ‎04-27-2017

Hi Venkatesh,

Try the below solution (I've tested this in my personal dev instance)

var level= gs.getUser().getRecord().getValue('u_level');

var answer = false;

if(level>=6){

answer=true;

}

gs.log(answer);

Also ensure that this User Criteria is assigned in the 'Available for' in your Catalog item. This is usually not visible on the form so you may need to do Configure->Form Layout then select Available For then save the form.

View solution in original post

BALAJI40 · ‎04-25-2017

Hi venkatesh,

This one is worked for me after couple of changes;

1) check the list of role

http://wiki.servicenow.com/index.php?title=Legacy:Service_Catalog_Access_Controls#gsc.tab=0

4.2 Overriding Entitlement Scripts by Role

Navigate to Service Catalog > Catalog Policy > Properties.
Enter the roles for which to override the entitlement script (grant access) in the property List of roles (comma-separated) that override normal entitlement checking inside the catalog. A role of "itil" means that the itil role can order any catalog item, even one protected by entitlement restrictions.

refere jim coyne replay in thread, Entitlement Script not running

if the roles are showing admin only, no need to change the properties.

if those are fine, check the 2nd point.

2) go to this property (sys_property table), glide.sc.use_user_criteria, if value is true then make the value to false.

https:/your-instance-number/sys_properties.do?sys_id=f3d65982c3202100c8b837659bba8fe3&sysparm_view=&sysparm_domain=null&sysparm_domain_scope=null&sysparm_record_row=1&sysparm_record_rows=1&sysparm_record_list=nameSTARTSWITHglide.sc.use_user_criteria%5eORDERBYDESCsys_updated_on

that is URL of the property.

if you do the changes, then entitlement script will work.

This one i have tested in my personal instance it is working as excepted.

script is:

var gr = new GlideRecord("sys_user");

gr.addQuery("sys_id", gs.getUserID());

gr.query();

if (gr.next()) {

if(gr.getValue('u_level')=="6"){

answer=true;

}

else{

answer = false;

}

gs.log('KKKK: This script Include is executing for user:'+gs.getUserDisplayName()+'ans is:'+answer);

answer;

Venkatesh5 · ‎04-27-2017

Hi Balaji,

The above mentioned steps addressed my issue and I have last question, is anything that will affect making glide.sc.use_user_criteria to false.

glide.sc.use_user_criteria

Use "User Criteria" to define access to catalog items and categories. Entitlements are not honored if set to true.

Type: true | false
Default value: true

I will not forget to mark your answer as Correct....

Thanks,

Venkatesh.P

Harish KM · ‎04-27-2017

I assume if you make this property as false. you cannot use User criteria for Catalog items . If it is false you can use Entitlement script. that is what they have explained there

Regards
Harish

BALAJI40 · ‎04-27-2017

As Harish said, it was correct.

I guess there was a problem with that property. Instead of making false, use the User criteria. Check the below Regina's suggestion.

reginabautista · ‎04-27-2017

Hi Venkatesh,

Try the below solution (I've tested this in my personal dev instance)

var level= gs.getUser().getRecord().getValue('u_level');

var answer = false;

if(level>=6){

answer=true;

}

gs.log(answer);

Also ensure that this User Criteria is assigned in the 'Available for' in your Catalog item. This is usually not visible on the form so you may need to do Configure->Form Layout then select Available For then save the form.