Before Query Business Rule

taylor21
Mega Expert

Hi all,

I am creating a before query Business Rule that restricts record access based on whether the current user has a matching role that the current assignment group also has. I have a strictly basic understanding of scripting, so I have started by creating the following Business Rule, which is currently working for showing the user only the records of the groups they belong to or if they are the customer of the record:

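// Apply the filter only to non-admin users in interactive sessions
if (!gs.hasRole('admin') && gs.getSession().isInteractive()) {
	// Caller is the current user, OR (^NQ) the assignment group is one of the user's groups
	var queryString = 'caller_idDYNAMIC90d1921e5f510100a9ad2572f2b477fe^NQassignment_groupDYNAMICd6435e965f510100a9ad2572f2b47744';
	current.addEncodedQuery(queryString);
}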

 

I am looking for example scripts that I can manipulate to match my needs for this idea or anything that may point me in the right direction. 

 

Could I possibly create a dynamic filter option to utilize here? What would that look like? 

 

Thank you in advance!

1 ACCEPTED SOLUTION

taylor21
Mega Expert

Thank you all, I have opted to use a specific Assignment group type for this. For each department that needs to be separated, I have created a type that I have applied to the entire department's groups, and I am matching the department-specific role to the type in the business rule like so:

Table: incident

When: before query

Script:

if (!gs.hasRole('admin') && gs.hasRole('its') && gs.getSession().isInteractive()) {
	var itsQuery = 'assignment_group.typeLIKE1e9345dedba8b3c0c33c7bec0f961928'; //Assignment group type is ITS
	current.addEncodedQuery(itsQuery);
}


5 REPLIES

Raj68
Mega Guru

Hi Taylor,

Go through the link below; I hope it will help you:

https://www.servicenowguru.com/scripting/business-rules-scripting/controlling-record-access-before-query-business-rules/

NOTE: Mark correct or helpful if it helps you.

 Warm Regards,

Raj patel

 

Hi Raj, thank you for the resource. I did start there to get where I am at this point; however, I need help conjuring a more advanced script for the requirement.

Andrew Saxton -
Tera Expert

I'm not sure you would be able to do this with a dynamic filter, since there isn't really a filter you could build to meet your requirement.

You would need to run a GlideRecord, query pretty much everything and loop through each record. In a single loop, you would need to check for the assignment group and get all the roles, then compare it to the user roles to find a match. If they match, add the record's sys_id to an array. After looping through the entire query, you should have an array of sys_ids. You would then do something like this:

var queryString = 'sys_idIN' + name_of_array;

This would be a performance hog though. It would have to run through this each time someone tried to access any record on the table this business rule is on, and if it has a lot of records, it would take even longer.
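An added example, not code from any poster in this thread: instead of looping over every record as described above, it works out which groups share a role with the user and filters on `assignment_group`, keeping the caller clause from the question. It is plain JavaScript over constructed group/role pairs; reading those pairs from `sys_group_has_role` and the user's roles from the session is assumed and not shown, and the function names are hypothetical.

```javascript
// Plain JavaScript, runnable outside ServiceNow. On an instance the pairs
// would be read from the group-role table (assumed: sys_group_has_role).
var SYS_ID = /^[0-9a-f]{32}$/;

// "Caller is me" clause copied from the Business Rule in the question.
var CALLER_IS_ME = 'caller_idDYNAMIC90d1921e5f510100a9ad2572f2b477fe';

// Constructed sample data: group sys_ids and role names are made up.
var SAMPLE_GROUP_ROLES = [
	{ group: 'a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1', role: 'its' },
	{ group: 'b2b2b2b2b2b2b2b2b2b2b2b2b2b2b2b2', role: 'hr' },
	{ group: 'a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1', role: 'itil' },
	{ group: 'not-a-sys-id', role: 'its' }
];

// Return the sys_ids of groups holding at least one role the user also holds.
function groupsSharingRole(userRoles, groupRoles) {
	var held = {};
	userRoles.forEach(function (r) { held[r] = true; });
	var seen = {};
	var out = [];
	groupRoles.forEach(function (pair) {
		// Skip values that are not well-formed sys_ids so that a malformed
		// entry can never change the shape of the encoded query.
		if (!SYS_ID.test(pair.group)) { return; }
		if (held[pair.role] === true && seen[pair.group] !== true) {
			seen[pair.group] = true;
			out.push(pair.group);
		}
	});
	return out;
}

// Build the filter. With no matching group the result still limits the user
// to records they raised, so the rule fails closed instead of adding nothing.
function buildQuery(userRoles, groupRoles) {
	var groups = groupsSharingRole(userRoles, groupRoles);
	if (groups.length === 0) { return CALLER_IS_ME; }
	return CALLER_IS_ME + '^NQassignment_groupIN' + groups.join(',');
}
```

In a before query rule the returned string would be passed to `current.addEncodedQuery()` inside the same non-admin, interactive-session guard used in the question.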

ggg
Giga Guru

I do not see how a before query BR would work for your requirement because the query has a statement of the format:

var q = current.addQuery('caller_id', 'xxxxx')

The first parameter is a field on the form.

You can get a list of the roles the user has and a list of the roles the assignment group has,

but there is no field on the form to compare to.

I would write a script that returns the sys_ids of the users with access and put that on my READ ACL.