ACL to allow roled user to edit specific groups

Go to solution
Wayne Richmond
Tera Guru

‎01-29-2019 06:29 AM

Hi guys. I've found another post that suggests this isn't possible via an ACL but it's 4 years old now and I'm hoping another solution might be out there. 

I want to give users with a specific role access to edit the members of specific groups.

The role is called u_incident_report_admin. The condition for the groups is a field on the Group [sys_user_group] table called Team [u_team]. The Team must be 'Security'. My ACL (read,write, create and delete):

find_real_file.png

However, the user with the role cannot see the Edit button on the related list view:

find_real_file.png

Any ideas? Do I need to do something more clever?

Aforementioned post: https://community.servicenow.com/community?id=community_question&sys_id=90598b25db5cdbc01dcaf3231f96...

Preview file
25 KB
Preview file
66 KB
0 Helpfuls
  • 2,934 Views
1 ACCEPTED SOLUTION

Go to solution
The SN Nerd
Giga Sage
Giga Sage

‎01-29-2019 04:37 PM

Yes, you need to do another clever step.
You need a combination of ACL and UI Action condition modifications.

  1. Ensure there is a create ACL for Group Membership table for the u_incident_report role, with no condition. This is because at the time of creating a record, there is no populated group, and there is a canCreate() evaluation on the UI Action. If you have a condition on the group field, it will always evaluate to false and you will see no Edit button.
  2. Find the OOTB Global UI Action 'Edit...' with action name 'sysverb_edit_m2m'
  3. Change table name to 'Group Membership' and select "Insert and Stay"
  4. Add the following condition
    parent.​u_team == "Security"

    Parent is the Group record from the context of the UI Action on the related list. 
    You should end up with:

    (new GlideRecord(current.getTableName())).canCreate() && RP.isManyToMany() && !RP.getListControl().isOmitEditButton() && parent.u_team == "Security"

    Please note I am assuming your field name is 'u_team' and it is a string field. you will need to change this for your solution.


ServiceNow Nerd
ServiceNow Developer MVP 2020-2022
ServiceNow Community MVP 2019-2022

View solution in original post

0 Helpfuls
6 REPLIES 6

Go to solution
The SN Nerd
Giga Sage
Giga Sage
In response to Wayne Richmond

‎02-27-2019 04:16 PM

Depending on your requirements, you can add a role check:

(new GlideRecord(current.getTableName())).canCreate() && RP.isManyToMany() && !RP.getListControl().isOmitEditButton() && (parent.u_team == "Security" || gs.hasRole('admin'))

This would allow users with 'create' access via ACL to only modify Security groups, admins to modify all.
Substitute admin with whatever you need, depending on your requirements.


ServiceNow Nerd
ServiceNow Developer MVP 2020-2022
ServiceNow Community MVP 2019-2022

Go to solution
Wayne Richmond
Tera Guru
In response to The SN Nerd

‎03-04-2019 01:01 AM

Thanks Paul, that's perfect. Cheers buddy.

0 Helpfuls