Allow Specific Roles to Update Catalog Item Variables on Requested Item

jmiskey · ‎03-05-2019

We have a Catalog Item with many variables on it. There are two variables at the bottom that, through a Catalog UI Policy, are hidden from the Catalog Item on the Service Portal. After the user submits a request via the Service Portal, that RITM is assigned to a specific group (with a specific role). Someone in that group assigns the RITM to themselves, and then they are supposed update the two variables (shown in the Variable section on the RITM) that are hidden from view on the Service Portal. However, I cannot seem to figure out how to give them access to update these two variables in the Variable section on the RITM. They are read-only.

So, I went to the Permissions section of the two variables in the Catalog Item, and tried adding the role to both Create and Write. However, that did not seem to work. I impersonated a user with that role, assigned the RITM to myself, and was still unable to edit those two variables.

We did something like this once, but it was on sc_task, not sc_req_item. We used a Client Script there. But I cannot seem to figure out how to apply this logic to sc_req_item. That code (on sc_task) looked something like this:

function onLoad() {

    if(g_form.getValue('request_item.cat_item') == "0259dc10db081f00a5647ee5bf96193c"){
	    g_form.setVariablesReadOnly(true);
	    g_form.setReadOnly('test_comments',false);
	    g_form.setReadOnly('prod_comments',false);
    }
}

but when I tried the same with sc_req_item, it did not work (and I still need to figure out how to incorporate the specific role I want to give permission to).

Does anyone have any suggestions?

Brian Lancaster · ‎03-05-2019

Questions:

1. Do these users have ITIL role as well?

2. Why are you assigning at the RITM level instead of a task?

View solution in original post

Allen Andreas · ‎03-05-2019

Hi,

I just wanted to throw out there to check this in the ACLs.

Do you have a write ACL for sc_req_item.variables? If so, check that to see if there's any stipulation as to why the user assigned wouldn't meet this and then adjust it to allow it OR create a new write ACL for this table and field (perhaps adding a condition that the assigned to is dynamic (aka me) and see if that works for you.

Please mark reply as Helpful/Correct, if applicable. Thanks!

Please consider marking my reply as Helpful and/or Accept Solution, if applicable. Thanks!

jmiskey · ‎03-05-2019

I am not sure that this would apply here. The Catalog Item variables are not stored under sc_req_item, but rather under item_option_new. So I don't think that ACLs against sc_req_item would apply here, right?

Or maybe I am misunderstanding you?

Allen Andreas · ‎03-05-2019

Yea, you're not understanding me. I didn't say anything about the values, I was literally talking about the variables themselves. The fields. It looks like you got it though, so good for you. Take care.

Please consider marking my reply as Helpful and/or Accept Solution, if applicable. Thanks!

Lokesh Kankipat · ‎03-05-2019

If the variables are "test_comments" and "prod_comments" try using "variables." in the name. Assuming that this Client Script is running on RITM or SCTask.

Example :

g_form.setReadOnly('variables.test_comments',false);

g_form.setReadOnly('variables.prod_comments',false);