Filter Reference Field Based on User's Groups

Go to solution
jmiskey
Kilo Sage

‎09-25-2018 12:44 PM

We are building a Form in ServiceNow, where certain users can upload attachments that will be attached to certain Service Catalog Items.

So, we currently have a Control table, that tracks the Catalog Items that we allow this for, and the Group that can upload these attachments.

So, our Control Table has these fields:

- Catalog Items (reference to sc_cat_item)

- Group (reference to sys_user_group)

This control table will be maintained by us Admins.

So, we have this "My Attachments" table that the specified users will have access to in order to upload their files.  The key field in this table is "Catalog Item", which is a reference to the Control Table that we created, so it only shows the items we included in that table.

However, we need to limit this further.  We would like to filter this "Catalog Item" field in the "My Attachments" table, so that it only shows records where the "Group" field in the Control Table matches one of the Groups that the logged in User is a member of. 

How do I do this?

Thanks

Labels:
0 Helpfuls
  • 7,710 Views
1 ACCEPTED SOLUTION

Go to solution
jmiskey
Kilo Sage

‎09-26-2018 12:08 PM

So I did need to write my own function in a Client Script in order to get it to work.

The function looks like this:

	getUserGroups: function(){  
		//return as criteria string of all groups a member is part of (each one separated by a comma)
		var groups='';

		//get current user
		var usr = gs.getUserID();

		//query the group member table to get all groups user is part of
		var grps = new GlideRecord('sys_user_grmember');
		grps.addQuery('user', usr);
		grps.query();
     
		//write all groups to string
		while(grps.next()) {
			groups += (',' + grps.group);
		}

		//return criteria string of all groups separated by commas
		return 'u_groupIN' + groups;
	},

I have it within a large Script Includes we have called "getUserInformation".

So, then we just use the following Advanced Reference Qualifier on that field:

javascript: new getUserInformation().getUserGroups()

And it does what we want.

Thanks to all for the tips/tricks!

 

View solution in original post

0 Helpfuls
5 REPLIES 5

Go to solution
Pradeep Sharma
ServiceNow Employee
ServiceNow Employee

‎09-25-2018 02:07 PM

Hi,

 

You can create a Table Read ACL and secure it via filter condition something like this. In your case it will be Group | Is Dynamic | One of my groups.

find_real_file.png

 

https://docs.servicenow.com/bundle/london-platform-administration/page/administer/contextual-security/concept/access-control-rules.html

 

I hope this helps 🙂

 

Thanks,

Pradeep Sharma

Preview file
63 KB
0 Helpfuls

Go to solution
jmiskey
Kilo Sage

‎09-26-2018 05:25 AM

I don't think that does what I want.  I am not trying to limit the existing records that they can see when reading data.  I am just trying to limit the items they see in the Catalog Item drop-down box when go to create a new record.

For example, let's say that John Doe is a member of GroupA and GroupB.

Then, my Control Table looks something like this:

find_real_file.png

So, when the user goes to create a new record in the "My Attachments" table, there is a Catalog Item field that is a reference back to my Control Table.  In this field, I only want them to be able to select Catalog Items associated with their groups.  So the drop-down should only list Item 1, Item 2, and Item 3 for John Doe.

Does that make it clearer?

 

Preview file
5 KB
Preview file
5 KB
Preview file
5 KB
0 Helpfuls

Go to solution
Dubz
Mega Sage
In response to jmiskey

‎09-26-2018 05:35 AM

You can use an advanced reference qualifier to do that. 

You might be able to just use the syntax below (obviously replace the u_group field with the name of the group field on your control table:

javascript: 'u_groupIN'+gs.getUser().getMyGroups().toArray()

If that doesn't work you'll have to write a script include to query the sys_user_group table, get the sys_id's of the groups and return then in a query string format.

(all of the above assumes that the groups field on your control table is a reference field, it'll be slightly different if it's not)

Go to solution
Pradeep Sharma
ServiceNow Employee
ServiceNow Employee
In response to jmiskey

‎09-26-2018 07:12 AM

Thanks for the details. The requirement is clearer now. This can be done via Advanced Reference qualifier as already mentioned by David.

https://docs.servicenow.com/bundle/london-platform-administration/page/script/server-scripting/concept/c_ReferenceQualifiers.html

 

Please let us know if you have any questions.

 

Thanks,

Pradeep Sharma

0 Helpfuls