We've updated the ServiceNow Community Code of Conduct, adding guidelines around AI usage, professionalism, and content violations. Read more

Hide Incident Form Section depending in IP address in the sys_user_login_history table

John Johnson
Kilo Sage

7 hours ago

Hello Smart People!

I have been trying to hide an incident form section like 'notes' for users outside of an IP CIDR. Everything i've tried has not worked. With what i'm doing, it is always hidden or not hidden.  Is it because im using the 'user login history' table?

I am looking for some examples of ways others have done this in their systems.  I have tried with Business rules, Client Scripts, and UI Policies with no success.

 

I appreciate your assistance in advance!

0 Helpfuls
  • 762 Views
8 REPLIES 8

John Johnson
Kilo Sage

5 hours ago 

My Script Include 


var IPAccessChecker = Class.create();
//IPAccessChecker.prototype = Object.extendsObject(AbstractAjaxProcessor, 
IPAccessChecker.prototype = {
    initialize: function () {},

    canSeePatientInfo: function () {
        var ip = gs.getSession().getClientIP();
        if (!ip || ip.indexOf(':') !== -1) return "false";

        var cidr="MyCIDR";   //taken out for reference
        var parts=cidr.split('/');
        var cidrIp=parts[0];
        var prefix=parseInt(parts[1],10);

        function ipv4ToInt(a){var o=a.split('.');return((parseInt(o[0])<<24)>>>0)|((parseInt(o[1])<<16)>>>0)|((parseInt(o[2])<<8)>>>0)|(parseInt(o[3])>>>0);}    
        function ipInCidr(ip,cidrIp,prefix){var ipN=ipv4ToInt(ip);var cN=ipv4ToInt(cidrIp);var mask=(~0 << (32-prefix))>>>0;return (ipN & mask)===(cN & mask);}    

        return ipInCidr(ip,cidrIp,prefix)?"true":"false";
    },

    type: 'IPAccessChecker'
};
0 Helpfuls

John Johnson
Kilo Sage
In response to John Johnson

5 hours ago

My Client Script

 

function onLoad(){
    var ga=new GlideAjax('IPAccessChecker');
    ga.addParam('sysparm_name','canSeePatientInfo');
    ga.getXMLAnswer(function(answer){
        var allowed=(answer==='true');
        var sectionName='patient_information';
        try { g_form.setSectionDisplay(sectionName, allowed); }
        catch(e){
            var fields=['u_patient_name','u_patient_id','u_date_of_service','u_epic_department','u_epic_note'];
            fields.forEach(function(f){ if(g_form.hasField(f)) g_form.setDisplay(f,allowed); });
        }
    });
}
0 Helpfuls

Tanushree Maiti
Giga Sage

5 hours ago

Hi @John Johnson 

 

Here is a sample code , IP address range you need to mention in code.

Note: Try both the script include as mentioned in two reference links.

 

1. Create the onLoad Client Script 
This script calls the Script Include and hides the section if the user is outside the range. 
  1. Navigate to the Incident form and open an existing record.
  2. Right-click the header, select Configure > Client Scripts.
  3. Click New.
  4. Name: Hide Notes Section for Outside IP
  5. Table: incident
  6. Type: onload
  7. Script:
    function onLoad() {
    var ga = new GlideAjax('IPRangeChecker');
    ga.addParam('sysparm_name', 'isAllowed');
    ga.getXMLAnswer(function(answer) {
          if (answer == 'false') {
                    g_form.setSectionDisplay('notes', false); 
        }
    });
}

     

    2. Create a Client-Callable Script Include : determine if the current user's IP is within the allowed range. 

    • Navigate to System Definition > Script Includes.
    • Click New.
    • Name: IPRangeChecker 
    • Check Client callable.
    • Script:
      var IPRangeChecker = Class.create();
IPRangeChecker.prototype = Object.extendsObject(AbstractAjaxProcessor, {

    isAllowed: function() {
        var clientIP = gs.getSession().getClientIP();
        // Replace with your allowed CIDR range
        var allowedRange = '192.168.1.0/24'; 

        return this._isIp4InCidr(clientIP, allowedRange);
    },

     _isIp4InCidr: function(ip, cidr) {
        var split = cidr.split('/');
        var range = split[0];
        var bits = split[1];
        var mask = -1 << (32 - bits);
        return (this._ip4ToInt(ip) & mask) == (this._ip4ToInt(range));
    },

    _ip4ToInt: function(ip) {
        return ip.split('.').reduce(function(integer, oct) {
            return (integer << 8) + parseInt(oct, 10);
        }, 0) >>> 0;
    },

    type: 'IPRangeChecker'});
    • Click Submit. 

     

    Refer: https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0743808

             

    https://www.servicenow.com/community/itsm-forum/function-to-determine-if-ip-is-in-cidr-network/m-p/6...

             https://www.servicenow.com/community/developer-articles/how-to-determine-whether-an-ip-address-belon....

     

Please mark this response as Helpful & Accept it as solution if it assisted you with your question.
Regards
Tanushree Maiti
ServiceNow Technical Architect
Linkedin:
0 Helpfuls

John Johnson
Kilo Sage
In response to Tanushree Maiti

4 hours ago

@Tanushree Maiti 

Should this work no matter the CIDER?  I am trying it on a /20 CIDR.  Unfortunately, 'notes' is hidden on and off my network.  Ideas?

0 Helpfuls