Get a first look at what's coming. The Developer Passport Australia Release Preview kicks off March 12. Dive in! 

hide script on script include

Go to solution
sydneyespos
Tera Expert

3 weeks ago - last edited 3 weeks ago

Hi community, do you have insights on how to hide the script section in script include for a particular script include? Only certain role can view the script. 

0 Helpfuls
  • 764 Views
1 ACCEPTED SOLUTION

Go to solution
GlideFather
Tera Patron

3 weeks ago - last edited 3 weeks ago

Hi @sydneyespos,

 

a script include without the script field is useless... why would you do that?

 

If you want to restrict the access, then you can apply custom ACL on [sys_script_include] table... with that only specific role or group of users will have access to that field.

 

EDIT: custom ACL or adjust existing ones

https://yourinstance.service-now.com/sys_security_acl_list.do?sysparm_query=nameSTARTSWITHsys_script_include

 

Or you can think of adding/removing snc_required_script_writer_permission role but it would have impact on all scripting, not just script include:

GlideFather_0-1771576014422.png

This role was introduced one or two releases back, so check if your instance have it.

_____
100 % GlideFather experience and 0 % generative AI

View solution in original post

11 REPLIES 11

Go to solution
yashkamde
Kilo Sage
In response to Ankur Bawiskar

3 weeks ago

Yes, that could be the case.

In that situation, we can perform a total ACL record-level operation to hide it.
I believe this approach will work.

0 Helpfuls

Go to solution
-O-
Kilo Patron

3 weeks ago - last edited 3 weeks ago

Something like this might solve your problem, though it will hide the Script Include entirely, not just the Script field:

- create a new Application/Scope (e.g. Hidden Code ; let's assume scope x_acme_hs)

- mark the admin role (create one if it does not already exist) for the new Application/scope with option "Application Administrator"

- grant that admin role to the user or users who should have access to the protected Script Include

- (re)create the Script Include in this new Application/Scope (e.g. HidenCodeLib).

- set the Script Include's "Accessible from" to "All application scopes"

- set the Script Include's "Caller Access" to "Caller Tracking" (however if for some reason also want to control which other scope or code may call this hidden Script Include, you could set this to "Caller Restriction")

- set the Script Include's "Protection policy" to "Protected".

- ask one of the users who was given the Application/Scope admin role to mark the Application/Scope with the "Application administration" option.

 

Afte this only users who have the Application's/Scope's admin role can view that the Script Include even exists.
But the Script Include could still be called freely be other code.

Developers could call the Script Include as they normally would:

var hcl = new x_acme_hs.HidenCodeLib();

gs.debug(hcl.<property>);
hcl.<method>();

If the Script Include is already in use, the original Script Include can be made to inherit this hidden Script Include, making existing code work just fine.
E.g. let's assume a global Script Include exists currently, after moving its content into the new hidden Script Include, the original one could be re-created as:

var HidenCodeLib = Class.create();
HidenCodeLib.prototype = Object.extendsObject(x_acme_hs.HidenCodeLib, {
	'type': 'HidenCodeLib',
});

 In this case, code already using the original Script Include would keep working as if nothing happened.

 

In this way not even admin will be able to see the Script Include.

0 Helpfuls