Hide specific RITM and catalog task variables based on role

JasonC955484115
Tera Contributor

5 hours ago

Hello. I have a requirement where I have to hide certain variables from being displayed primarily on RITMs and catalog tasks, as well as hidden from reporting, previewing records etc. The only catch is that these variables must only be visible to users with a specific role.

 

I've read that a Deny Unless ACL might be possible, but I'm not sure how this can be achieved with catalog variables. I've also tried creating a catalog client script, which partially works on RITM and catalog task, but the variables are still visible when previewing records.

 

Please any recommendations would be greatly appreciated.

Thanks!

0 Helpfuls
  • 163 Views
3 REPLIES 3

Tejas Adhalrao
Tera Guru

3 hours ago

Hi @JasonC955484115  ,

 you can create the UI policy  for the catalogue item this Ui policy will aslo work execute on RITM and catalogue task

TejasAdhalrao_0-1768877205256.png

 

 If you found my solution helpful, please mark it as Helpful or Accepted Solution...!

thanks,

tejas

Email: adhalraotejas1018@gmail.com

LinkedIn: https://www.linkedin.com/in/tejas1018

 

0 Helpfuls

Itallo Brandão
Giga Guru

3 hours ago

Hi @JasonC955484115 ,

You are correct that Catalog Client Scripts are only "Cosmetic" (UI layer). They hide the field on the form but do not protect the data in Reports, List Views, or XML/API.

To achieve true data security without writing complex ACLs, you should use the Out-of-the-Box (OOB) Variable Permissions. This applies security at the server level, effectively handling the "Deny" logic for you.

The Solution: "Read roles"

  1. Navigate to the definition of the specific Variable you want to hide.

  2. Look for the Permissions section (you might need to switch to the "Advanced" view or configure the form layout to see it).

  3. Locate the field Read roles.

  4. Add the specific role that is allowed to see this data (e.g., itil_admin or your custom role).

  5. Save.

Why this is the best approach:

  • Reporting: The variable will be blank or hidden in reports for users without the role.

  • Preview/List: It will not appear in the record preview or list view.

  • API: It protects the data at the database query level.

Important Note: If you populate the Read roles field, only users with that role will see the variable on the RITM/Task. This includes the Requester. If the requester does not have the role, they will not see the value they submitted (which is often the desired behavior for "Internal Only" variables).

If this response helps you solve the issue, please mark it as Accepted Solution.
This helps the community grow and assists others in finding valid answers faster.

Best regards,
Brandão.

0 Helpfuls

Ankur Bawiskar
Tera Patron

2 hours ago

@JasonC955484115 

you can create ACL on sc_item_option and select your variable

It has worked fine in past for members

check this link

Catalog reporting: hide some variables values based on your group Memember 

AnkurBawiskar_0-1768879190963.png

 

💡 If my response helped, please mark it as correct and close the thread 🔒— this helps future readers find the solution faster! 🙏

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader
0 Helpfuls