Advanced user criteria - trying to restrict catalog item to users with specific company, and without ITIL role

Chase Stevenson · ‎01-23-2019

Hello, I have an advanced user criteria that is set up to restrict certain users from seeing a catalog item in the Service Catalog.

Here's the script:

var company = gs.getUser().getCompanyID();

if(!gs.hasRole('itil') && company == "TEST"); {

answer = false;

}

What I can't get to work is the user role portion. I've tried (!gs.getUser().hasRole('itil') and that still doesn't work.

There are users in "TEST" company that have ITIL role, and they need to be able to view the catalog item. How can I restrict this to non-itil TEST company users?

DScroggins · ‎01-24-2019

Also you need to either wrap the other answer statement (answer = false) in an else statement or place it above the if statement as it is going to always return false.

var company = gs.getUser().getCompanyID();

if(!gs.hasRole('itil') && company == 'TEST'){

 answer = true;

}else{
	
 answer = false;
	
}

or

answer = false;

var company = gs.getUser().getCompanyID();

if(!gs.hasRole('itil') && company == 'TEST'){

 answer = true;

}

View solution in original post

dvp · ‎01-24-2019

I just tested in my instance and it working as expected.

Can you try with a new user?

Clear the cache for previously tested user by cache.do in application navigator for impersonated user and try again

Chase Stevenson · ‎01-24-2019

I cleared cached with cache.do and tried a different user. I still get the same result.

1.) I have the user criteria under the catalog item's "not available for" related list:

2.) The user criteria has advanced script of the following:

3.) I have two users in TEST company, one with ITIL role, and one with NO roles:

4.) When ITIL user goes to Service Catalog, they can see the catalog item.

5.) When user with NO roles goes to Service Catalog, they can see the catalog item.

The script should return 'true' if user does NOT have itil role AND user is in 'test' company (which is valid for user #2 who has NO roles, and is a member of 'test' company). For some reason, the script is NOT returning 'true' as it is not recognizing that user #2 is not an itil role user.

dvp · ‎01-24-2019

Can you try with navigating to url directly as below

Update the item sys_id

https://dev1xxxxx.service-now.com/com.glideapp.servicecatalog_cat_item_view.do?v=1&sysparm_id=e212a942c0a80165008313c59764eea1

I did the similar testing as described above but navigated directly to url.

Chase Stevenson · ‎01-24-2019

I replaced the instance and sys_id in the URL with my own, and can confirm that both ITIL and NON-ITIL TEST company users are still able to see the catalog item.

DScroggins · ‎01-24-2019

When you impersonate someone gs.hasRole('WHATEVER') will always return true as you yourself have the Admin role. You need to either fully log in as that user (not impersonate) to test or you also have to check !hasRole('admin') in the script.