ACL

Community Alums
Not applicable

Hi all, 

 

I want to make an ACL for 50 CI from diffrent ci table like some from server some from unix some from windows,

currently I am using this script in cmdb_ci*none condition but it is not working. I want to restrict all users other than a particular group to read and write in these 50 ci . 

I am using sys id of CI as all these belongs to diffrent CI table .

 

 

 

var allowedCIs = [
    "3330b3dfeb9796104e2cfe56cad0cddc", "3f30b3dfeb9796104e2cfe56cad0cdcd", "7b30b3dfeb9796104e2cfe56cad0cdd3", "7f30b3dfeb9796104e2cfe56cad0cdde", "b730b3dfeb9796104e2cfe56cad0cdd6", "f330b3dfeb9796104e2cfe56cad0cdd9",
    "3d8af717eb1b96104e2cfe56cad0cd0f", "798af717eb1b96104e2cfe56cad0cd0c", "a58af717eb1b96104e2cfe56cad0cd09", "e18af717eb1b96104e2cfe56cad0cd03", "fd8af717eb1b96104e2cfe56cad0cd12", "828af717eb1b96104e2cfe56cad0cd16", "468af717eb1b96104e2cfe56cad0cd19",
    "1a1eff1beb1b96104e2cfe56cad0cd0c","0e1eff1beb1b96104e2cfe56cad0cd02", "161eff1beb1b96104e2cfe56cad0cd09", "d21eff1beb1b96104e2cfe56cad0cd1c", "ad1004ebeb1b96104e2cfe56cad0cd44","2e1eff1beb1b96104e2cfe56cad0cd22", "061ebf1beb1b96104e2cfe56cad0cdfc", "3d1ebf1beb1b96104e2cfe56cad0cdf5", "e61eff1beb1b96104e2cfe56cad0cd1f", "021ebf1beb1b96104e2cfe56cad0cdf9",
    "0a1ebf1beb1b96104e2cfe56cad0cdff", "2a1eff1beb1b96104e2cfe56cad0cd43", "f61eff1beb1b96104e2cfe56cad0cd4a", "2e1eff1beb1b96104e2cfe56cad0cd3f" ,"f21eff1beb1b96104e2cfe56cad0cd47" , "bd1ebf1beb1b96104e2cfe56cad0cda7" , "251ebf1beb1b96104e2cfe56cad0cda1" , "e91ebf1beb1b96104e2cfe56cad0cd85" , "b91ebf1beb1b96104e2cfe56cad0cda4",
   
    "1825bb5febd796104e2cfe56cad0cdfc", "1c25bb5febd796104e2cfe56cad0cdf8", "2425fb5febd796104e2cfe56cad0cd00", "4025bb5febd796104e2cfe56cad0cd5e", "4b157b5febd796104e2cfe56cad0cd9a",
    "4f157b5febd796104e2cfe56cad0cd9d", "53157b5febd796104e2cfe56cad0cda1", "57157b5febd796104e2cfe56cad0cda4", "6715bb5febd796104e2cfe56cad0cd13", "9c25bb5febd796104e2cfe56cad0cdf4",
    "a715bb5febd796104e2cfe56cad0cd08", "ab15bb5febd796104e2cfe56cad0cd0b", "af15bb5febd796104e2cfe56cad0cd0e", "b2153b5febd796104e2cfe56cad0cd8f", "bb15bb5febd796104e2cfe56cad0cd5a",
    "c025bb5febd796104e2cfe56cad0cdb0", "c025bb5febd796104e2cfe56cad0cdf0", "c425bb5febd796104e2cfe56cad0cdac", "cb157b5febd796104e2cfe56cad0cd17", "cf157b5febd796104e2cfe56cad0cd1a",
    "d3157b5febd796104e2cfe56cad0cdf2", "d7157b5febd796104e2cfe56cad0cdf5", "db157b5febd796104e2cfe56cad0cdf8", "e025fb5febd796104e2cfe56cad0cd42", "f2157b5febd796104e2cfe56cad0cd11",
    "f6157b5febd796104e2cfe56cad0cd14", "ff15bb5febd796104e2cfe56cad0cd56"
];

// Check if the CI's sys_id is in the allowed list
if (allowedCIs.includes(current.sys_id)) {
    // Check if the user is in the special group
    answer = gs.hasRole("custom_ci_editor_BD_Support");
} else {
    answer = false;
}
 
 
 
Kindly tell me how to do it.
 
2 REPLIES 2

Sandeep Rajput
Tera Patron
Tera Patron

@Community Alums The script looks fine. Did you check if any there are table level ACLs on the child tables of cmdb_ci table which are preventing the access? 

Ankur Bawiskar
Tera Patron
Tera Patron

@Community Alums 

what debugging did you perform?

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader