Enable Edit button on Group member related list for custom role.

Rajeev K1 · ‎05-06-2019

Hello,

I have created a custom role ('group_admin') to enable group of members to Add/Remove group members. I modified the Omit Edit Condition (Right Click on List Header bar --> List Layout --> List Control) so only specific role person can access Edit button.

answer = (!(gs.getUser().hasRole('admin'))) || (!(gs.getUser().hasRole('group_admin')));

As per this script 'admin' role user can able to see Edit button in the group member related list but the button is not visible to the users with 'group_admin'. I have enabled the access from ACLs as well but still its not working.

Please let me know if I missed anything here.

Thanks in advance.

Regards/Rajeev Kumar

amlanpal · ‎05-13-2019

Hi Rajeev,

I have tried to replicate your scenario and it worked in my personal development instance. Please modify the 'Omit edit condition' as below and make sure that the 'Omit edit button' checkbox is not selected/checked.

answer = !gs.hasRole('admin') && !gs.hasRole('group_admin');

Most importantly, there is an OOB ACL definition which restricts the creation of new Group Membership (sys_user_grmember) record if the user does not have 'user_admin' role. You may refer the below link (please replace with your instance): https://your_instance.service-now.com/sys_security_acl_list.do?sysparm_query=name%3Dsys_user_grmember%5Eoperation%3Dcreate.

So, the user must have 'user_admin' role along with 'group_admin' role for the testing purpose. If you wan to modify this condition, you better have to modify the ACL mentioned above.

Hope this helps. Please mark the answer Correct/Helpful based on the impact.

Regards,

Amlan

View solution in original post

amlanpal · ‎05-13-2019

Hi Rajeev,

I have tried to replicate your scenario and it worked in my personal development instance. Please modify the 'Omit edit condition' as below and make sure that the 'Omit edit button' checkbox is not selected/checked.

answer = !gs.hasRole('admin') && !gs.hasRole('group_admin');

Most importantly, there is an OOB ACL definition which restricts the creation of new Group Membership (sys_user_grmember) record if the user does not have 'user_admin' role. You may refer the below link (please replace with your instance): https://your_instance.service-now.com/sys_security_acl_list.do?sysparm_query=name%3Dsys_user_grmember%5Eoperation%3Dcreate.

So, the user must have 'user_admin' role along with 'group_admin' role for the testing purpose. If you wan to modify this condition, you better have to modify the ACL mentioned above.

Hope this helps. Please mark the answer Correct/Helpful based on the impact.

Regards,

Amlan

Rajeev K1 · ‎05-13-2019

Thanks Amlan, that worked for my case. I enabled only write ACL to the custom role so it was creating the issue.

narayansaha · ‎01-23-2020

Hi Amlan,

I have created new ACLs for Create/Read/Write/Delete in "sys_user_grmember" table with the below condition:

Group.Manager | is(dynamic) | Me

I have also modified the OOTB List Control for Group Member related list in Group form with the below code(Omit empty condition field):

answer = !gs.hasRole('user_admin') && !parent.manager == gs.getUserID();

But the Group Manager is still unable to view the "Edit" button in the Group Member Related List.

Note: We have been asked not to provide "user_admin" role to the Group Manager.

Regards,
Narayan