COE Policy Condition sys_user Country Code has to match logged_in user Country Code

AijaRe · ‎08-01-2024

Hello!
I need to create a COE Security Policy, so that the logged-in HR Agent can see only cases from the subject person's who are from the same country as HR Agent.
In sys_user I have a filled field "Country code" that I am thinking to leverage, but I fail to create an inline script that would fetch me the logged-in user's country.
I tried to create script include and create Dynamic Filter (type: choice, referencing sys_user table, but it doesn't appear in my COE Policy Condition filter).

How can I achieve that?

AijaRe · ‎08-02-2024

The solution was to create client-callable script include in HR scope and then call the method directly in COE Security Policy condition " javascript&colon; new sn_hr_core. ScopedHRUtils().getUserCountry() ".

var ScopedHRUtils = Class.create();
ScopedHRUtils.prototype = Object.extendsObject(global.AbstractAjaxProcessor, {

	getUserCountry: function(){
		var user = new GlideRecord('sys_user');
		user.get(gs.getUserID());
		var country = user.getValue('country');
		return country;
	},

    type: 'ScopedHRUtils'
});

View solution in original post

AijaRe · ‎08-02-2024

The solution was to create client-callable script include in HR scope and then call the method directly in COE Security Policy condition " javascript&colon; new sn_hr_core. ScopedHRUtils().getUserCountry() ".

var ScopedHRUtils = Class.create();
ScopedHRUtils.prototype = Object.extendsObject(global.AbstractAjaxProcessor, {

	getUserCountry: function(){
		var user = new GlideRecord('sys_user');
		user.get(gs.getUserID());
		var country = user.getValue('country');
		return country;
	},

    type: 'ScopedHRUtils'
});

Sandeep Rajput · ‎08-02-2024

@AijaRe This is exactly what I suggested in my post.

Sandeep Rajput · ‎08-02-2024

@AijaRe Try calling a script include method inside the condition text field

for e.g.

Subject Person.Country Code is javascript&colon; new <ScriptIncludeName>().<FunctionName>().