ACL,Encoded Query , dynamic filter

Shivangi Singh2 · 4 weeks ago

Hi Experts ,

I need help in configuring an Deny unless ACL on sctask table , operation read.

Requirement is : For a particular catalog item let's call it 'abc', it should only be visible to users if assignment group is one of logged in user group.

before i was using data condition but then additional requirement came where we have to show the catalog item to either users having assignment group as one of their groups or to user who is part of xyz group.

Any help is appreciated

Ankur Bawiskar · 4 weeks ago

@Shivangi Singh2

please use advanced script and use this

answer = gs.getUser().isMemberOf('XYZ Group') || gs.getUser().isMemberOf(current.assignment_group);

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader

View solution in original post

Bhimashankar H · 4 weeks ago

Hi @Shivangi Singh2 ,

Allow read only if:

The logged-in user is a member of the task’s assignment_group, OR
The logged-in user is a member of the global exception group “xyz”.

All other sc_task for that item should be hidden.

Try below code snippet, leaving requires role blank.

(function () {

  //  allow read only if user is in the assignment group OR in the exception group "xyz"
  // Check exception group first for a quick allow
  if (gs.getUser().isMemberOf("xyz")) {
    answer = true;
    return;
  }

  // If there is no assignment group on the task, deny (no group to match)
  if (!current.assignment_group) {
    answer = false;
    return;
  }

  // Allow if the user is a member of the task’s assignment group
  if (gs.getUser().isMemberOf(current.assignment_group)) {
    answer = true;
    return;
  }

  // Otherwise, deny
  answer = false;
})();

Before creating this ACL, ensure there no other ACL will affect for read role for the users.

Thanks,
Bhimashankar H

-------------------------------------------------------------------------------------------------
If my response points you in the right directions, please consider marking it as 'Helpful' & 'Correct'. Thanks!

View solution in original post

Ankur Bawiskar · 4 weeks ago

@Shivangi Singh2

please use advanced script and use this

answer = gs.getUser().isMemberOf('XYZ Group') || gs.getUser().isMemberOf(current.assignment_group);

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader

Ankur Bawiskar · 4 weeks ago

@Shivangi Singh2

Hope you are doing good.

Did my reply answer your question?

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader

Ankur Bawiskar · 4 weeks ago

@Shivangi Singh2

Thank you for marking my response as helpful.

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader

Shivangi Singh2 · 4 weeks ago

Thank you for the help Ankur ,It worked , idk why i was over complicating the logic.