ACL, Encoded Query, dynamic filter

Shivangi Singh2
Tera Contributor

Hi Experts,

I need help in configuring a Deny unless ACL on the sctask table, operation read.

Requirement is: For a particular catalog item, let's call it 'abc', it should only be visible to users if the assignment group is one of the logged-in user's groups.

Before, I was using a data condition, but then an additional requirement came where we have to show the catalog item either to users having the assignment group as one of their groups or to a user who is part of the xyz group.

Any help is appreciated

2 ACCEPTED SOLUTIONS

Ankur Bawiskar
Tera Patron

@Shivangi Singh2 

Please use an advanced script and use this:

answer = gs.getUser().isMemberOf('XYZ Group') || gs.getUser().isMemberOf(current.assignment_group);

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader


Bhimashankar H
Mega Sage

Hi @Shivangi Singh2 ,

 

Allow read only if:

  • The logged-in user is a member of the task’s assignment_group, OR

  • The logged-in user is a member of the global exception group “xyz”.

  • All other sc_task for that item should be hidden.

Try the below code snippet, leaving Requires role blank.

(function () {

  //  allow read only if user is in the assignment group OR in the exception group "xyz"
  // Check exception group first for a quick allow
  if (gs.getUser().isMemberOf("xyz")) {
    answer = true;
    return;
  }

  // If there is no assignment group on the task, deny (no group to match)
  if (!current.assignment_group) {
    answer = false;
    return;
  }

  // Allow if the user is a member of the task’s assignment group
  if (gs.getUser().isMemberOf(current.assignment_group)) {
    answer = true;
    return;
  }

  // Otherwise, deny
  answer = false;
})();

 

Before creating this ACL, ensure that no other ACL will affect the read role for the users.

 

 

Thanks,
Bhimashankar H

 

-------------------------------------------------------------------------------------------------
If my response points you in the right directions, please consider marking it as 'Helpful' & 'Correct'. Thanks!
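
The decision logic from the two accepted scripts, restated as a function that can be tested outside the instance (an added example, not code from either poster). It runs under Node.js with constructed stand-ins for gs.getUser() and current; the catalog-item check, ITEM_ABC, mockUser and the sample users and tasks are assumptions, since the thread does not show how the ACL is limited to item 'abc'.

```javascript
// Added example: Node.js stand-ins for ServiceNow server-side objects.
// ITEM_ABC is a placeholder for the catalog item's sys_id (not given in the thread).
const ITEM_ABC = 'ITEM_ABC_SYS_ID_PLACEHOLDER';
const EXCEPTION_GROUP = 'xyz';

// Decision logic from the thread as a pure function.
// user: object with isMemberOf(group), like gs.getUser().
// task: plain object mirroring the sc_task fields the script reads.
function canReadTask(user, task) {
  // Assumption: the rule is evaluated for every sc_task, so tasks for other
  // catalog items pass here; otherwise this rule would hide them as well.
  // On the platform this field is reached as current.request_item.cat_item.
  if (task.cat_item !== ITEM_ABC) return true;
  // Exception group sees every task for the item.
  if (user.isMemberOf(EXCEPTION_GROUP)) return true;
  // No assignment group means there is nothing to match: deny.
  if (!task.assignment_group) return false;
  return user.isMemberOf(task.assignment_group);
}

// Constructed stand-in for gs.getUser(): membership looked up by group name.
function mockUser(groups) {
  return { isMemberOf: (group) => groups.includes(String(group)) };
}

// Constructed sample users and tasks.
const USERS = {
  assignee: mockUser(['Network']),
  exception: mockUser(['xyz']),
  outsider: mockUser(['HR']),
};
const TASKS = {
  abcAssigned: { cat_item: ITEM_ABC, assignment_group: 'Network' },
  abcUnassigned: { cat_item: ITEM_ABC, assignment_group: '' },
  otherItem: { cat_item: 'OTHER_ITEM_PLACEHOLDER', assignment_group: 'Network' },
};

// Build the full user x task decision table so every branch is visible.
function decisionTable() {
  const table = {};
  for (const [userName, user] of Object.entries(USERS)) {
    table[userName] = {};
    for (const [taskName, task] of Object.entries(TASKS)) {
      table[userName][taskName] = canReadTask(user, task);
    }
  }
  return table;
}

console.log(decisionTable());
```

The unassigned 'abc' task is readable only by the exception group, which is the case worth checking first when validating the rule with impersonation.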

 


6 REPLIES

Ankur Bawiskar
Tera Patron

@Shivangi Singh2 

Hope you are doing good.

Did my reply answer your question?

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader

@Shivangi Singh2 

Thank you for marking my response as helpful.

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader

Thank you for the help, Ankur. It worked; idk why I was overcomplicating the logic.