Hide incidents of specific subcategory to be visible to specific user role

Chase Stevenson
Mega Guru

Hello, I have a requirement to hide incidents with a specific subcategory from anybody who does not have a specific user role: incident_security. The subcategory in the choice list has to also be hidden from any user without user role: incident_security.

This has to be done for two different subcategories.

  1. Miscellaneous Security Incident
  2. Security Investigation

I have done this successfully for the Miscellaneous Security Incident subcategory but I cannot successfully do this with the Security Investigation subcategory.

Step 1: Hide subcat from choice list on incident form using client script:

Step 2: add READ ACL to incident table with condition "subcategory=xyz" for incident_security role:

When I do the exact same thing for subcategory #2 (security investigation), the client script works (subcat is not visible in choice list for non incident_security users) but the incidents are still visible on the incident table list view.

What am I doing wrong?

I tried combining both subcategory conditions into one ACL and it didn't work, so I'm unsure what I may be doing wrong with this.

1 ACCEPTED SOLUTION

Hi Chase,

Sorry to hear about this - does the rule only need to apply to ITIL users and not customers?

If so, I would recommend adjusting the initial if statement to include a check for the ITIL role, like this:

if (gs.getUser().hasRole("itil") && !gs.getUser().hasRole("incident_security")) {

 

With regard to the subcategory of none not being displayed, could you try adding an or statement that shows items that are empty? The best way to do this is to change the addQuery to an addEncodedQuery, which works like this:

if (gs.getUser().hasRole("itil") && !gs.getUser().hasRole("incident_security")) {
	current.addEncodedQuery("subcategoryNOT INSecurity Investigation,Miscellaneous Security Incident^ORsubcategoryISEMPTY");
}

This will tell the system to display items that don't contain Security Investigation and Miscellaneous Security Incident but show items that have empty values.

I hope this helps and if you have any questions, do ask.

 

[Edited 16:55 GMT]
Sorry, just edited the encoded query, noticed the ISEMPTY statement was an and (^) rather than an or (^OR).

Regards,
Jamie
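
Added example, not part of the original post and not ServiceNow code: a small JavaScript model of the encoded queries discussed in this thread, showing which incidents each variant leaves visible. The sample records, the "Email" subcategory, the `AND_EMPTY` query (reconstructed from the edit note above) and all function names are assumptions made for the illustration.

```javascript
// Model only, not ServiceNow's query engine. Assumption taken from the thread:
// a NOT IN condition does not match records whose field is empty.
const HIDDEN = "Security Investigation,Miscellaneous Security Incident";
const ORIGINAL = "subcategoryNOT IN" + HIDDEN;            // first business rule
const AND_EMPTY = ORIGINAL + "^subcategoryISEMPTY";       // pre-edit: AND (^)
const FIXED = ORIGINAL + "^ORsubcategoryISEMPTY";         // accepted: OR (^OR)

// Constructed sample incidents; INC0003 has no subcategory set.
const RECORDS = [
  { number: "INC0001", subcategory: "Email" },
  { number: "INC0002", subcategory: "Security Investigation" },
  { number: "INC0003", subcategory: "" },
  { number: "INC0004", subcategory: "Miscellaneous Security Incident" },
];

// Parse one term of the form <field>ISEMPTY or <field>NOT IN<v1,v2,...>.
function parseTerm(term) {
  let m = term.match(/^(\w+)ISEMPTY$/);
  if (m) return { field: m[1], op: "ISEMPTY" };
  m = term.match(/^(\w+)NOT IN(.*)$/);
  if (m) return { field: m[1], op: "NOT IN", values: m[2].split(",") };
  throw new Error("unsupported term: " + term);
}

function evalTerm(t, rec) {
  const v = rec[t.field] || "";
  if (t.op === "ISEMPTY") return v === "";
  return v !== "" && !t.values.includes(v); // empty never satisfies NOT IN
}

// "^" joins AND groups; "^OR" joins alternatives inside a group.
function matches(query, rec) {
  return query.split(/\^(?!OR)/).every((group) =>
    group.split("^OR").some((t) => evalTerm(parseTerm(t), rec)));
}

// Same role check as the accepted answer: only itil users without
// incident_security get the extra filter.
function visible(roles, query) {
  const restricted = roles.includes("itil") && !roles.includes("incident_security");
  return RECORDS.filter((r) => !restricted || matches(query, r)).map((r) => r.number);
}

console.log(visible(["itil"], ORIGINAL));
console.log(visible(["itil"], AND_EMPTY));
console.log(visible(["itil"], FIXED));
console.log(visible(["itil", "incident_security"], FIXED));
```

In this model a user with neither role gets no filter from this rule at all, so what they can see depends on whatever other rules apply, such as the "Incident Query" business rule mentioned in the thread.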

6 REPLIES

Jamie Fraser
Tera Contributor

I personally wouldn't try to achieve this with ACLs - it's probably possible and if I could be bothered to spend the time I could figure it out.

Instead, I would recommend using a business rule (BR). OOTB there should be a BR on your instance called "Incident Query". This BR is applied before a query and adjusts the filter so non-itil users can only see incidents where they are either the caller, the opened by user or in the watch list.

I'd recommend configuring a new BR like that one and using something like this:

if (!gs.getUser().hasRole("incident_security")) {
	var qc = current.addQuery("subcategory", "NOT IN", "Security Investigation,Miscellaneous Security Incident");
}

Hope this helps

Jamie, thank you for the suggestion. I tried this business rule as you provided and it appears to work well.

Could you explain the variable qc and the format you used for writing its value? Is qc universal for business rules, where it should always look for the value of qc and then process the query? It seems like your script is setting a value for qc then doing nothing with it. How does the business rule "display" qc when it processes without the script essentially telling it to?

You wrote: 

var qc = current.addQuery("subcategory", "NOT IN", "Security Investigation,Miscellaneous Security Incident");

Can you explain the "NOT IN" section? I can understand the rest of it where it's looking at "subcategory" and any that are "security investigation,miscellaneous security incident". Does the "NOT IN" refer to the command of those results literally being "NOT IN" the list?

I apologize if what I wrote is confusing.

Hi,

qc is basically a variable here. What is actually happening here is that, for the existing record(s) in current, a condition is being added which filters the records further.

current.addQuery("subcategory", "NOT IN", "Security Investigation,Miscellaneous Security Incident");

So it basically fetches all incidents whose subcategory is not in security investigation or miscellaneous security.

Mark the comment as helpful if this answers your question.

Good morning,

I noticed something with this business rule: when submitting an incident through a record producer on the service portal, we're getting this error:

The widget is failing because it's not able to display the generated record to the submitting user.

 

I checked the list of incidents and noticed that this business rule is also hiding incidents that have no category selected. If category is "none" or Security Investigation, or Miscellaneous Security Incident, it won't display. The business rule doesn't have anything obvious that would be hiding incidents with no category.

Any ideas?