08-01-2024 01:19 PM
I have a task to restrict ServiceNow visibility for our external contractors. They should only see tickets and records which are
- assigned to them
- within their assignment group
- requested for them
- they are the customer
I built a before query Business Rule on the task table and created an external contractor role, but for some reason they can still see all records using task.list.
I did this previously with an external contractor group and it worked fine, but a role is being problematic.
```javascript
(function executeRule(current, previous /*null when async*/)
{
    // Add your code here
    //var extContra_sysID = 'a5716ccd47730a502ad8b01b516d437e';
    if (gs.hasRoleExactly('external_contractor'))
    {
        /*Assignment Group is (dynamic) One of my Groups
          OR Assigned To is (dynamic) Me
          OR Requester is (dynamic) Me
          OR Caller is (dynamic) Me
        */
        current.addEncodedQuery('assignment_groupDYNAMICd6435e965f510100a9ad2572f2b47744^ORassigned_toDYNAMIC90d1921e5f510100a9ad2572f2b477fe^ORref_sc_request.requested_forDYNAMIC90d1921e5f510100a9ad2572f2b477fe^ORref_incident.caller_idDYNAMIC90d1921e5f510100a9ad2572f2b477fe');
    }
})(current, previous);
```
08-01-2024 03:49 PM - edited 08-02-2024 01:19 PM
Hi,
it seems the 'gs.hasRoleExactly()' is not working as you may think in a business rule. Try the following:
```javascript
(function executeRule(current, previous /*null when async*/) {
    // Trying API from:
    // https://developer.servicenow.com/dev.do#!/reference/api/washingtondc/server_legacy/GUserAPI#GUser-hasRole_S?navFilter=hasrole
    // check for user having a specific role
    var currentUser = gs.getUser();
    var userRoles = currentUser.getUserRoles();
    // gs.addInfoMessage('User Roles: ' + userRoles);
    var hasRole = userRoles.indexOf('some_role');
    // check for user role
    if (hasRole >= 0) {
        // create filter
        // gs.addInfoMessage("User has the role");
        current.addEncodedQuery('assignment_groupDYNAMICd6435e965f510100a9ad2572f2b47744^ORassigned_toDYNAMIC90d1921e5f510100a9ad2572f2b477fe^ORref_sc_request.requested_forDYNAMIC90d1921e5f510100a9ad2572f2b477fe^ORref_incident.caller_idDYNAMIC90d1921e5f510100a9ad2572f2b477fe');
    }
})(current, previous);
```
Seems to work as you want, change the role from 'some_role' to your desired role. Test.
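The following is an added example, not code from the thread or from ServiceNow: a plain-JavaScript model (runnable in Node) of the four OR'd conditions and of a before-query rule that applies them only when the role check passes. All function names, users and records are constructed for illustration; the model shows that a role check returning false leaves every row visible, which is the symptom described in the question.

```javascript
// Added example: offline model of the rule. Nothing here is a ServiceNow API;
// all names and data are hypothetical and constructed for illustration.
const CONTRACTOR_ROLE = 'external_contractor';

// The four OR'd conditions from the thread, evaluated against one record.
function matchesContractorFilter(rec, user) {
  return user.groups.includes(rec.assignment_group) || // One of my Groups
    rec.assigned_to === user.id ||                      // Assigned To is Me
    rec.requested_for === user.id ||                    // Requester is Me
    rec.caller_id === user.id;                          // Caller is Me
}

// Model of a before-query rule: the filter is applied only when the role
// check passes. When the check is false, every row is returned (fail-open).
function visibleRecords(records, user, roleCheck) {
  if (!roleCheck(user)) return records.map(r => r.number);
  return records.filter(r => matchesContractorFilter(r, user)).map(r => r.number);
}

// Role check in the style of the accepted answer: membership in the role list.
const hasContractorRole = user => user.roles.indexOf(CONTRACTOR_ROLE) >= 0;
// A check that never matches, standing in for the question's symptom.
const brokenCheck = () => false;

// Constructed sample data: one record per condition plus a negative control.
const contractor = { id: 'u_ext', groups: ['g_vendor'], roles: [CONTRACTOR_ROLE, 'itil'] };
const employee = { id: 'u_emp', groups: ['g_net'], roles: ['itil'] };
const tasks = [
  { number: 'INC001', assignment_group: 'g_vendor', assigned_to: 'u_emp' },
  { number: 'INC002', assignment_group: 'g_net', assigned_to: 'u_ext' },
  { number: 'REQ003', assignment_group: 'g_net', requested_for: 'u_ext' },
  { number: 'INC004', assignment_group: 'g_net', caller_id: 'u_ext' },
  { number: 'INC005', assignment_group: 'g_net', assigned_to: 'u_emp', caller_id: 'u_emp' },
];

// Contractor with a working check: the four matching rows, not INC005.
console.log(visibleRecords(tasks, contractor, hasContractorRole));
// Contractor with a check that never matches: all five rows.
console.log(visibleRecords(tasks, contractor, brokenCheck));
// Internal user: the rule does not restrict them, all five rows.
console.log(visibleRecords(tasks, employee, hasContractorRole));
```

The same matrix (one record per condition plus a record that matches none) is a useful acceptance test when impersonating a contractor on the instance.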
08-02-2024 11:21 AM
Hi @Bert_c1 ,
Looks like this worked and I was even able to apply it to another BR with a different addEncodedQuery.
Could you explain why the gs.hasRoleExactly() wasn't viable in this scenario?
08-02-2024 01:21 PM - edited 08-02-2024 01:22 PM
I can't, but if you create a Support Case, the assigned TSE can engage the development team.
If my code helped get a solution, please indicate that to close this thread.