Find your people. Pick a challenge. Ship something real. The CreatorCon Hackathon is coming to the Community Pavilion for one epic night. Every skill level, every role welcome. Join us on May 5th and learn more here.

Can I restrict view of application module based on an attribute?

Go to solution
robpickering
Giga Guru

‎10-24-2014 12:27 PM

I would like to restrict visibility of an Application Module based on an attribute on the sys_user table, rather than by role.

Is that possible?

I know I could create a new role and assign it to everyone I need to, but I'd prefer to use an existing attribute "u_is_manager" on my sys_user table.

-Rob

Labels:
0 Helpfuls
  • 6,429 Views
1 ACCEPTED SOLUTION

Go to solution
Michael Ritchie
ServiceNow Employee
In response to Michael Ritchie

‎10-26-2014 03:33 PM

OK here is some example code that may work for you.



  1. Add a new field to the sys_app_module table called Visibility (u_visibility in the database).   In my example I made it a choice with 3 values: manager, nonmanager, both.
  2. Set the appropriate values on the modules according to your requirements.
  3. Create a new business rule: System Definition\Business Rules
  4. Name: Navigation Query - or whatever you want to call it
  5. Table: Module (sys_app_module)
  6. Check Active and Advanced checkboxes
  7. When to Run: Before
  8. Check Query Box
  9. Script See below
if(!gs.hasRole("admin") && gs.getSession().isInteractive() && gs.getUserName() != "guest"){



       var qc = current.addQuery('u_visibility', "both");



       qc.addOrCondition('u_visibility', '');



       if (gs.getImpersonatingUserName() != null) {



               gs.getSession().clearClientData('navQuery');



       }



       var navQuery = gs.getSession().getClientData('navQuery');



       if (navQuery == null) {



               var isManager = gs.getUser().getRecord().getValue('u_is_manager');



               if (!isManager) {



                       qc.addOrCondition('u_visibility', 'nonmanager');



                       gs.getSession().putClientData('navQuery', 'nonmanager');



               } else {



                       qc.addOrCondition('u_visibility', 'manager');



                       gs.getSession().putClientData('navQuery', 'manager');



               }



       } else {



               qc.addOrCondition('u_visibility', navQuery);



       }



}


Explanation of the above:


  • Before query business rules are like ACLs where they can restrict access to data.   They are basically filters that are applied when a user does a query.
  • This code doesn't run if you have the admin role, if this is a web service (nonInteractive), or if the user is guest (meaning the login screen)
  • So the query doesn't run all the time, I am putting the Is Manager value into a Session variable called navQuery and use it instead of the lookup each time
  • It adds filters for the Visibility setting first and then I check to see if an admin user is impersonating someone and if so I am clearing the Session value
  • If the session value isn't set, it does a lookup to see if the user is a manager or not and sets the appropriate condition and sets the session variable.


Hopefully this makes sense.   Please reply if not as I am happy to answer questions.   I am traveling a little this week so my responses could be delayed.


View solution in original post

6 REPLIES 6

Go to solution
Kalaiarasan Pus
Giga Sage

‎10-24-2014 12:33 PM

not sure if that's possible currently ...


0 Helpfuls

Go to solution
Michael Ritchie
ServiceNow Employee

‎10-25-2014 03:14 PM

This is definitely possible and something I have done.   Unfortunately I don't have time to provide detailed specifics at the moment, but to summarize the solution you utilize a before query business rule on the sys_app_module table.   What I had done was created a new field on the sys_app_module table called "Visibility" and had a few choices such A, B, Both.   Then in the before query business rule I looked up a value from the user or some other record to know which visibility choice to use and either filtered the modules appropriately.



Here are some example before query business rules:


Useful Task Scripts - ServiceNow Wiki



I will post some example code later.


0 Helpfuls

Go to solution
Michael Ritchie
ServiceNow Employee
In response to Michael Ritchie

‎10-26-2014 03:33 PM

OK here is some example code that may work for you.



  1. Add a new field to the sys_app_module table called Visibility (u_visibility in the database).   In my example I made it a choice with 3 values: manager, nonmanager, both.
  2. Set the appropriate values on the modules according to your requirements.
  3. Create a new business rule: System Definition\Business Rules
  4. Name: Navigation Query - or whatever you want to call it
  5. Table: Module (sys_app_module)
  6. Check Active and Advanced checkboxes
  7. When to Run: Before
  8. Check Query Box
  9. Script See below
if(!gs.hasRole("admin") && gs.getSession().isInteractive() && gs.getUserName() != "guest"){



       var qc = current.addQuery('u_visibility', "both");



       qc.addOrCondition('u_visibility', '');



       if (gs.getImpersonatingUserName() != null) {



               gs.getSession().clearClientData('navQuery');



       }



       var navQuery = gs.getSession().getClientData('navQuery');



       if (navQuery == null) {



               var isManager = gs.getUser().getRecord().getValue('u_is_manager');



               if (!isManager) {



                       qc.addOrCondition('u_visibility', 'nonmanager');



                       gs.getSession().putClientData('navQuery', 'nonmanager');



               } else {



                       qc.addOrCondition('u_visibility', 'manager');



                       gs.getSession().putClientData('navQuery', 'manager');



               }



       } else {



               qc.addOrCondition('u_visibility', navQuery);



       }



}


Explanation of the above:


  • Before query business rules are like ACLs where they can restrict access to data.   They are basically filters that are applied when a user does a query.
  • This code doesn't run if you have the admin role, if this is a web service (nonInteractive), or if the user is guest (meaning the login screen)
  • So the query doesn't run all the time, I am putting the Is Manager value into a Session variable called navQuery and use it instead of the lookup each time
  • It adds filters for the Visibility setting first and then I check to see if an admin user is impersonating someone and if so I am clearing the Session value
  • If the session value isn't set, it does a lookup to see if the user is a manager or not and sets the appropriate condition and sets the session variable.


Hopefully this makes sense.   Please reply if not as I am happy to answer questions.   I am traveling a little this week so my responses could be delayed.


Go to solution
Michael Ritchie
ServiceNow Employee
In response to Michael Ritchie

‎11-03-2014 05:29 PM

Rob Pickering, curious if the above code addressed your requirement?


0 Helpfuls