Advanced User Criteria

kaomamichou · ‎06-11-2020

Dear All,

I've created a catalog item that provide managers the option to declare and create a new external login account.

There is a user criteria giving access to the cat item only to managers.

An evolution is requeried:

Managers want to allow their delegate to also declare and create a new external login account.

I've created the following

checkCondition();
function checkCondition(){

//get the identified user
var userGR = new GlideRecord('sys_user_delegate_list');
userGR.get(user_id);

//check if the user is declared as manager
var gr = new GlideRecord('sys_user');
gr.addQuery('delegate',userGR.getValue('sys_id') );
gr.addQuery('active', true);
gr.query();
if (gr.hasNext()) {
answer = true;
} else {
answer = false;
}

}

After test, it's not working and delegates can not access to the cat item.

Could some one help me,

Thank you in advance!

Kindly,

Michou.

Ankur Bawiskar · ‎06-11-2020

Hi,

it should be like this; there is no delegate field on sys_user table

please update as below

checkCondition();
function checkCondition(){

// check if logged in user is delegate of someone

var userGR = new GlideRecord('sys_user_delegate');
userGR.addQuery('delegate', user_id);
userGR.query();
if(userGR.next()){

// now logged in user is delegate
// check if the user present in the delegate table is manager

var gr = new GlideRecord('sys_user');
gr.addQuery('manager', userGR.getValue('user'));
gr.addQuery('active', true);
gr.query();
if (gr.hasNext()) {
answer = true;
} else {
answer = false;
}

}

Mark ✅ Correct if this solves your issue and also mark 👍 Helpful if you find my response worthy based on the impact.
Thanks
Ankur

Regards,
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader

View solution in original post

Muralidharan BS · ‎06-12-2020

HI Michou,

The script is not having any problem, remove the manager condition in the filter condition, second screenshot, that should fix the issue.

Kindly mark my response correct and helpful if my suggestion resolved your query,

Thanks

Murali

Jaspal Singh · ‎06-12-2020

Hi,

There is an issue with your script. Use below.

function onChange(control, oldValue, newValue, isLoading) {
if (isLoading || newValue == '') {
return;
}

g_form.getReference('u_external_user',reqFields);
//} should not be closed as below function is also part of script that runs on onChange()

function reqFields(u_external_user){
g_form.setValue('u_first_name',u_external_user.first_name);
g_form.setValue('u_last_name',u_external_user.last_name);
g_form.setValue('u_job_title',u_external_user.title);
g_form.setValue('u_site',u_external_user.location);
//g_form.setValue('u_company',u_external_user.company);
g_form.setValue('u_contract_end_date',u_external_user.u_contract_end_date);
}

} //added the remove bracket here

kaomamichou · ‎06-12-2020

That's not the issue because if is the manager who's connected, that script works perfectly.

After putting logs on every field, the conclusion is that the delegate may have a role due to the ACL.

The delegate can only see the user name.

Thank a lot guys, for your help that without i could not understand why it's not working.

Best regards,

Michou.

Ankur Bawiskar · ‎06-12-2020

Hi,

Does the delegate user have required role to access the data?

Regards
Ankur

Regards,
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader

kaomamichou · ‎06-12-2020

If the delegate has at less Itil role, it's works.

But if it's end-user he can only see the u_external_user value.

That means there is an acl on the table.

Kindly,

Michou