gs.getUser().hasRole('anytext') always returns "true"

Vespertinus · ‎05-11-2017

I figured aut a strange behaviour with hasRole() function. We are on Istanbul Patchlevel 4

You can reproduce by opening background scripts winodow and run following script:

gs.log(gs.getUser().getDisplayName())

gs.log(gs.getUser().getRoles())

gs.log(gs.getUser().hasRole('gdfgsdrfr'))

[0:00:00.002] Script completed in scope global: script

*** Script: System Administrator
*** Script: admin,template_editor_global
*** Script: true

-> users display name is correct

-> roles are corre

-> true???

http://wiki.servicenow.com/index.php?title=Getting_a_User_Object#gsc.tab=0

myUserObject.hasRole()

-- returns true or false if the current user has the provided role (takes a role name as its argument)

For me it returns always true 😕

Any clue?

br

Vesp

javier_messeri · ‎05-11-2017

Hi,

I think "hasRole('whatever')" always returns true if you are the admin (http://wiki.servicenow.com/index.php?title=GlideSystem#hasRole.28String.29 ), no wonder if the role really exists or not.

There's a g_user.hasRoleExactly() (client side, http://wiki.servicenow.com/index.php?title=GlideUser_(g_user)#hasRoleExactly ) but not an explicit version in server side, but by scripting a little bit, you may have and have a "hasRoleExactly" for server, something like:

var rol = new GlideRecord('sys_user_role');

               rol.addQuery('name', role);

               rol.query();

               if (rol.next()) {

                       var hasRole = new GlideRecord('sys_user_has_role');

                       hasRole.addQuery('user', user_id);

                       hasRole.addQuery('role', rol.sys_id);

                       hasRole.query();


                       if (hasRole.next()) {

                               return true;

                       } else {

                               return false;

                       }

               }

               return false;

Cheers,

Javier

View solution in original post

BALAJI40 · ‎05-11-2017

This is because of currently you are having admin role.

vinitha3 · ‎05-11-2017

Hi,

Use: hasRoleExactly in client scripts,.

function onLoad() {

var isItil = g_user.hasRoleExactly('itil');

if (isItil)

alert('Current user has this exact role');

else

alert('Current user does NOT have this exact role');

}

Thanks,

Vinitha.K

Please mark helpful or correct if it had helped you.

The SN Nerd · ‎05-25-2017

gs.hasRole will not always evaluate true for admins against elevated privilege roles.

If you need to hide things from normal admins, consider creating an elevated privilege role and only giving to the users who need to admin that specific table.
You would also need to make sure all your role based ACL checks are scripted.

ServiceNow Nerd
ServiceNow Developer MVP 2020-2022
ServiceNow Community MVP 2019-2022

Community Alums · ‎10-26-2017

hasRoleExactly on server side explained well in https://joshneri.us/serverside-hasroleexactly-in-servicenow/

iqbalkhokhar · ‎10-08-2018

server side one line condition code:

gs.getSession().getRoles().includes('role');