Check canRead() on record for someone besides current user?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎06-28-2019 06:37 AM
I'm currently working in a scoped application where I want to check a user's access for a particular record in a business rule. I've been able to use canRead() for myself as a user, but I want to be able to check the same record on behalf of another user. I would use the user record provided by the 'assigned_to' field. Anything within the Global scope can't be used unfortunately because of errors(GlideSecurityManager is not allowed in scoped applications, gs.getSession().impersonate is out of date) . My instance is currently in London, and I'm working in both London and Madrid instances. Has anyone had experience in trying to do this? My only other option I can think of right now is to get the roles from the user, and evaluate the read ACL directly by checking the roles and perhaps the script if possible. I'd like to see if there is something simpler that I'm not aware of. Any help would be appreciated, thanks!
-Eric
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎06-28-2019 08:09 AM
Hi Eric,
so you want to check whether assigned_to user has read access to particular table or not
did you check GlideImpersonate API
https://developer.servicenow.com/app.do#!/api_doc?v=madrid&id=GI-impersonate_S
new GlideImpersonate().impersonate(current.assigned_to);
// then query the table and use canRead()
Mark Correct if this solves your issue and also mark Helpful if you find my response worthy based on the impact.
Thanks
Ankur
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎06-28-2019 08:13 AM
Hi Ankur,
I have tried GlideImpersonate too, and that gave me an error message of 'GlideImpersonate is not allowed in scoped applications'. I apologize I didn't list this, but thanks for trying to help!
Eric
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎06-28-2019 08:12 AM
Hi Eric,
You can use GlideRecordSecure, unlike the traditional GlideRecord, it takes into consideration the ACLs by default
-Anurag
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎06-28-2019 08:15 AM
Hi Anurag,
Thanks for the link. Will this take other users into consideration,or is just with the current user? Seems like it's just with the current user according to the documentation you provided.
Thanks,
Eric
