Group Managers should be able to edit/add group members of their groups and not other groups.

shikhakhann · 5 hours ago

Hi All,

I am trying to enable the functionality where group managers should be able to add/edit members via related list on group record.
I followed these 2 links to build the functionality:
https://servicenowguru.com/system-definition/group-managers-manage-group-members/#

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0723786

Steps I performed in my instance:
1)Created a custom role.
2)Created 4 ACL as below:
2.1)READ ACL:

2.2)WRITE ACL:

2.3)DELETE ACL:

2.4)CREATE ACL:

Result: I impersonated with the user who has this custom role and is manager of a group, he is not able to see EDIT button on the related list:

If I change the code in CREATE ACL as follows, then user is able to see EDIT button to all the Groups related list where he is not even the manager.

Got this code from this KB https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0723786

Result: User is able to see EDIT button to all the groups "group members" related lists where he is not even the manager.

I have tried many changes in my CREATE ACL and have followed an article which talks about adding the OMIT EDIT Condition and the Business Rule, that also doesn't resolve my issue.

Please suggest!

Vishal Jaswal · 2 hours ago

Hello @shikhakhann

Try below in the CREATE ACL Script:

(function () {
   
    if (gs.hasRole('u_group_fields_editing')) {
        return true;
    }

    // Direct group manager check
    if (current.group.manager == gs.getUserID()) {
        return true;
    }

    // Parent relationship check (if parent exists)
    if (parent && parent.manager == gs.getUserID()) {
        return true;
    }

    // Explicit deny so other ACLs continue correctly
    return false;

})();

Hope that helps!