ACL to restrict access on a particular choice /status value ?

SAS21 · ‎07-25-2023

I have a requirement that if status is 'Completed' then only sysadmin can update status for such records

EG: if Incident status is Completed, only System admin can edit the status but it should be restricted for Incident manager role only when status is completed.

Where as Incident manager role has access to all the fields on the form via *acl.

I have tried this but its not working.

Admin Overrides is checked

Write operation

selected the required field 'Status'

if (current.u_status == 'Deleted') {
if ((gs.getUser().hasRole('x_critcinc_manager')) || (gs.getUser().hasRole('x_mim_manager'))) {
answer = false;
}
} else {
answer = true;
}

Please suggest. Is it possible to restrict the specific choice for a specific role ?

Appreciate the Help

Ankur Bawiskar · ‎07-26-2023

@SAS21

you cannot control choices from ACL.

Better have field level WRITE ACL and then have Before update to check if choice value change is allowed

Regards,
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader

View solution in original post

SAS21 · ‎07-26-2023

If its onload user can edit via List. If i have to restrict at the Database level ? what can be done.. I tried data policy too but with admin role also i see the field is read only when the status is Completed

Ankur Bawiskar · ‎07-26-2023

@SAS21

you cannot control choices from ACL.

Better have field level WRITE ACL and then have Before update to check if choice value change is allowed

Regards,
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader

Nishita Padwal · ‎07-26-2023

Alright,

Try this -
Type = onChange
Field - 'u_inc_status'

function onChange(control, oldValue, newValue, isLoading, isTemplate) {
	
    var status = newValue;

    if (isLoading || newValue === '') {
        if ((status == 'Completed' && (!g_user.hasRole('admin')))) {
            g_form.setReadOnly("u_inc_status", true);
        }
        return;
    }

    //Type appropriate comment here, and begin script below
    if ((status == 'Completed' && (!g_user.hasRole('admin')))) {
        g_form.setReadOnly("u_inc_status", true);
    }

}

This should work on onChange as well as onLoad. Just copy and paste the code.

Let me know if this works.

If helpful, please mark as correct!

Thanks.

Sandeep Rajput · ‎07-26-2023

@SAS21 on line number 1 if (current.u_status == 'Deleted') { you are checking for status Deleted, where as you should have been checking for Completed isn't it?