Advanced Reference Qualifier only works for certain role

leslie8 · ‎08-14-2015

I have installed the Loaner Management application by Chuck Tomasi. This was made in an old version of ServiceNow and I have made it work in Fuji with some customization.

I am running into a major issue with the Advanced Reference Qualifier in the Record Producer on the field cmdb_ci.

The reference qualifier is designed to return only the particular loaner items that are available between the selected start and end date. Thus, if the loaner is already reserved for any date in between the selected date, it doesn't show up in the list.

This works great -- ONLY for users with the role "loaner_admin". I noticed that any user that doesnt have that role, the reference qualifier isn't working! The reference field returns ALL of the items, even if they are already booked for the time period.

I tried logging in as a loaner_admin user and it works, but when I log in as a user with any other role, ALL of the items are available in the list and this results in a DOBULE booking. Yikes!

I then granted my test user the loaner_admin role and it worked. So, I know it has to do with an ACL on that role.

I experimented with the ACL rules, I added the role "user" to the "write" action on the cmdb_ci field but that did not solve the issue.

Reference Qualifier on cmdb_ci

javascript: new LoanerUtilsClient(current).availableCis(current.variables.item_type, current.variables.depot, current.variables.start_date, current.variables.end_date);

rob_pastore · ‎08-14-2015

I'm not familiar with the App you have loaded... but the issue could be with another table you may be querying in the function that the ref qualifier calls. Were there any custom tables created with this app?

leslie8 · ‎08-14-2015

the reference qualifier is here. There is a custom table loaner_request. The reference qualifier calls the cmdb_ci table. The loaner_admin role was generated by the system when the application was created. The reference qualifer returns the correct results when the user has the loaner_admin role, but returns ALL items otherwise, which results in overbooking an item.

availableCis : function(class_name, depot_name, start, end) {

var ci = new GlideRecord('cmdb_ci');

var installStatusProperty = gs.getProperty('glide.loaner.install_status');

var checkAvailProperty = gs.getProperty('glide.loaner.check_availability') == 'true';

var availableItems = [];

gs.log("available CIs: " + class_name);

if (!JSUtil.nil(installStatusProperty)) {

ci.addQuery('install_status', 'IN', installStatusProperty);

}

ci.addQuery('loaner', true);

ci.addQuery('sys_class_name', class_name);

ci.addQuery('depot', depot_name);

ci.query();

while (ci.next()) {

var id = ci.sys_id.toString();

if (checkAvailProperty) { // Check only available matching items

if (this.isAvailable(id, start, end))

availableItems.push(id);

} else { // Take any matching items

availableItems.push(id);

}

gs.log(availableItems);

return 'sys_idIN='+availableItems.join(',');

},

rob_pastore · ‎08-14-2015

I'm not sure if this is your issue.. but I have seen a bug on the properties table, where users without roles were not able to read the table.

Add some logging in the script : (right before or after the existing available ci log)

gs.log('Properties: ' + installStatusProperty ');

and see if it gives the same values for ess and loaner_admin.

leslie8 · ‎08-14-2015

Thanks robert, thank you for the suggestions. The properties are the same for both users.

I disabled all of the ACLs on the table and the issue is still occurring. So, I don't understand how the role could be the differentiating factor. I am starting to think this is a bug in ServiceNow where the reference qualifier does not populate the results correctly.