Business Rule before query & ACL on Scoped Application
06-08-2023 08:40 PM - edited 06-08-2023 08:58 PM
Hi,
I am in need of some help with a before query business rule and ACL. I have a custom application that has a main (parent) ticket and then it creates a task ticket when the state changes to a specific value.
This custom application is somewhat restrictive, in that I can't just create roles because the ticket that you work cannot be seen by everyone. I have set up a before query on the task ticket so that it will only show the records that the user can see and not display that "some records removed due to security" message.
On the task ticket is the assignment group and I need to set it so that the assignment group can view the main (parent) ticket.
I am having a very hard time with this. Here are my settings:
Business rule
Before
Query
Table: main (parent) table
Script:
(function executeRule(current, previous /*null when async*/ ) {
    if ((gs.hasRole('admin')) || (gs.hasRole('x_exf_it_admin')) || (gs.hasRole('x_exf_user'))) {
        return;
    } else {
        var gr = new GlideRecord('x_exf_it_task');
        gr.get('issu_number', current.sys_id);
        current.addEncodedQuery('gr.assignment_groupDYNAMICd6435e965f510100a9ad2572f2b47744^ORgr.assignment_group.managerDYNAMIC90d1921e5f510100a9ad2572f2b477fe');
    }
})(current, previous);
I am also unsure of how to go about doing the ACL for something like this.
Can anyone help me with this? This is very important.
Any help or direction would be appreciated.
06-08-2023 10:05 PM
Hi @Dazler,
This is an OOB message you cannot remove.
Please see the article below for more details.
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0693406
Please mark my answer helpful as it helps you!!
06-09-2023 05:47 AM
Thank you for sharing that article. I figured out how to use the business rule before query to remove that OOB message. Your document helped me with that.
First, I gave read access to the role within the parent table ACL. This allowed them to be able to read any ticket on the parent table.
Then I created a script include that queried the information that I needed from the parent and task tickets and returned all the sys_ids for each record. And then I called it from the before query business rule.
(function executeRule(current, previous /*null when async*/ ) {
    // Users holding either application role are not filtered.
    if ((gs.hasRole('x_exf_it_admin')) || (gs.hasRole('x_exf_it_user'))) {
        return;
    } else {
        // getUserGroupBR is the poster's script include (not shown in the thread).
        var appendedquery = new getUserGroupBR().canSeeIssue();
        current.addQuery('sys_id', appendedquery);
    }
})(current, previous);
It is restricting only the tickets that the logged in user is allowed to see.
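An added example, not the poster's getUserGroupBR script include (which the thread never shows), of how a helper of this kind could build the filter for the before query rule in ServiceNow server-side JavaScript. The function names are hypothetical, the table and field names come from the first post, and it assumes that issu_number on the task references the parent ticket; it needs the platform's GlideRecord API to run.

```javascript
// Added example: hypothetical helper functions, not the poster's getUserGroupBR.
// x_exf_it_task, issu_number and assignment_group are taken from the thread;
// sys_user_grmember is the platform's group-membership table.
// Assumption: issu_number on the task references the parent ticket.

// sys_ids of the groups the given user is a member of.
function groupsOfUser(userId) {
    var groups = [];
    var member = new GlideRecord('sys_user_grmember');
    member.addQuery('user', userId);
    member.query();
    while (member.next()) {
        groups.push(String(member.getValue('group')));
    }
    return groups;
}

// sys_ids of parent tickets with at least one task assigned to one of those groups.
function visibleIssueIds(userId) {
    var groups = groupsOfUser(userId);
    if (groups.length === 0) {
        return []; // no memberships: nothing is visible
    }
    var seen = {};
    var task = new GlideRecord('x_exf_it_task');
    task.addQuery('assignment_group', 'IN', groups.join(','));
    task.query();
    while (task.next()) {
        var parentId = task.getValue('issu_number');
        if (parentId) {
            seen[parentId] = true; // de-duplicate parents with several tasks
        }
    }
    return Object.keys(seen);
}

// Encoded query for the before-query rule on the parent table, e.g.
//   current.addEncodedQuery(issueFilter(gs.getUserID()));
function issueFilter(userId) {
    var ids = visibleIssueIds(userId);
    // Fail closed: with no visible tickets, return a condition that matches no
    // record (sys_id is never empty) instead of an empty IN list.
    return ids.length ? 'sys_idIN' + ids.join(',') : 'sys_idISEMPTY';
}
```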
04-25-2024 07:24 AM
Hi @Dazler
I'm running into a similar issue. Can you please share the script include you used for the query BR?