Before Query Business rule Restriction on the Request Item table

Rhonda9
Tera Expert

Hello,

I created a before query business rule to restrict anyone who is not a member of the Sensitive Data group from accessing Request Items in the Sensitive Data Request Item. I have been able to create a BR that will not allow anyone who is not a member of the Sensitive Data group to access the restricted records, but I want to allow the person who created the request item (opened_by) to be able to view the sensitive data record. I am having an issue with this and need help.

Here is the business rule that I have created:

condition: !gs.getUser().isMemberOf('bdb5c97bdbeb90940a2bf381399619eb')

(function executeRule(current, previous /*null when async*/) {
	var u = gs.getUserID(); //Get the sys_id value of the current user
	if (!gs.getUser().hasRole("special request") && !gs.getUser().isMemberOf('bdb5c97bdbeb90940a2bf381399619eb')) { //the user is not a member of sensitive data or an admin
		var qu = current.addEncodedQuery("cat_item!=626cadb11b41ce90d058c992604bcbd5");
	}
})(current, previous);

1 ACCEPTED SOLUTION

Ankur Bawiskar
Tera Patron

@Rhonda9 

No need to add this again inside the script as you already have it in the condition field, so remove it:

!gs.getUser().isMemberOf('bdb5c97bdbeb90940a2bf381399619eb')

Use an OR condition:

(function executeRule(current, previous /*null when async*/) {
	var u = gs.getUserID(); //Get the sys_id value of the current user
	if (!gs.getUser().hasRole("special request")) { //the user is not a member of sensitive data or an admin
		current.addQuery("cat_item", "!=", "626cadb11b41ce90d058c992604bcbd5").addOrCondition("opened_by", gs.getUserID());
	}
})(current, previous);

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader
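
Added example, not part of the original posts and not ServiceNow code: a plain JavaScript model (runs in Node, no ServiceNow APIs) of which request items each kind of user gets back once the catalog-item filter is combined with an OR on opened_by. The records, user names and short ids are constructed stand-ins for the thread's sys_ids; the last function shows why a `;` placed between an `if` condition and its block makes the block run for every user.

```javascript
// Constructed stand-ins: short ids replace the thread's sys_ids, and plain
// objects replace GlideRecord rows and the gs user object (assumptions).
const SENSITIVE_ITEM = 'sensitive-item';   // the restricted cat_item
const SENSITIVE_GROUP = 'sensitive-group'; // the Sensitive Data group
const EXEMPT_ROLE = 'special request';     // role name used in the thread

const records = [
  { number: 'RITM001', cat_item: 'laptop', opened_by: 'alice' },
  { number: 'RITM002', cat_item: SENSITIVE_ITEM, opened_by: 'alice' },
  { number: 'RITM003', cat_item: SENSITIVE_ITEM, opened_by: 'bob' },
];

const users = {
  alice: { id: 'alice', groups: [], roles: [] },
  bob: { id: 'bob', groups: [], roles: [] },
  carol: { id: 'carol', groups: [SENSITIVE_GROUP], roles: [] },
  dave: { id: 'dave', groups: [], roles: [EXEMPT_ROLE] },
};

// Returns the row filter the rule adds for this user, or null if it adds none.
function beforeQueryFilter(user) {
  // Condition field: the rule only runs for users outside the group.
  if (user.groups.includes(SENSITIVE_GROUP)) return null;
  // Script: holders of the exempt role get no extra filter either.
  if (user.roles.includes(EXEMPT_ROLE)) return null;
  // addQuery(cat_item != item).addOrCondition(opened_by = current user)
  return (r) => r.cat_item !== SENSITIVE_ITEM || r.opened_by === user.id;
}

// Record numbers a user gets back from a list query on the table.
function visibleTo(userId) {
  const filter = beforeQueryFilter(users[userId]);
  return records.filter(filter || (() => true)).map((r) => r.number);
}

// Same role check, but with ';' between the condition and the block: the if
// guards an empty statement, so the block executes for every user.
function filterAddedWithStraySemicolon(user) {
  let added = false;
  if (!user.roles.includes(EXEMPT_ROLE)); {
    added = true;
  }
  return added;
}

for (const id of Object.keys(users)) {
  console.log(id, 'sees', visibleTo(id).join(', '));
}
```

Running the same four-user matrix against a real instance (by impersonating one user of each kind) is the check that the rule neither hides a requester's own sensitive item nor exposes someone else's.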


3 REPLIES

Thank you so much. It works!

Thank you so much! (You should add this to your YouTube channel or blog etc., as it should be obvious the person who submitted the information should be allowed to see it, but all examples I found did not include the addOrCondition from your query.) Thanks again.