How can I call a script from within an ACL?

bcronrath · ‎06-02-2015

Basically the problem I am running into right now is getting a security context to properly pull a value back for use on an incident ACL.

This is the incident read ACL in its current state:

current.opened_by == gs.getUserID() || current.caller_id == gs.getUserID() || current.watch_list.indexOf(gs.getUserID()) > -1

However, the goal is to add an additional OR query to get incidents that have the same "company" value that the user has. So I made a script include that should retrieve the sys_id value of the company from the user and return it as a string. I tried to call it from the ACL like so:

current.opened_by == gs.getUserID() || current.caller_id == gs.getUserID() || current.watch_list.indexOf(gs.getUserID()) > -1 || current.company == getCompanyName.retrieveCompanyNames();

But clearly I am doing something wrong because it doesn't seem to work properly. I've tested with hardcoding in a company call such as

current.opened_by == gs.getUserID() || current.caller_id == gs.getUserID() || current.watch_list.indexOf(gs.getUserID()) > -1 || current.company == [put sys_id here];

And that pulled the values in fine. So I figure the script certainly doesn't seem to be running correctly, even though I am not seeing mention of it when enabling all debugging.

Another oddity I am seeing is that I get 219 rows returned from my incident query when I test using the hard coded company sys_id in the ACL (the correct number), but when I try using the function in the ACL, I only get the first row returned, and then it says "Number of rows removed from this list by Security constraints: 19"

Wondering why it only says 19 rows removed, shouldn't it be 218? That could be a side issue though, I am mainly just interested in knowing how to properly pull the company value from the user for use in an incident read ACL. Anyone have experience with this?

Best regards,

Brian

bernyalvarado · ‎06-02-2015

Hi Brian,

Have you tried getting the user object and then retrieving the Company information from it?

var user = gs.getUser();

user.getCompanyID() -- returns the sys_id of the current user's company

user.getCompanyRecord() -- returns the current user's company GlideRecord

Getting a User Object - ServiceNow Wiki

Thanks,

Berny

View solution in original post

bcronrath · ‎06-02-2015

Also ignore the odd name on my function, it says getting company names, but it's grabbing the sys_id. I had it named that way initially and once I get everything working I will clean up the function/class names.

bernyalvarado · ‎06-02-2015

Hi Brian,

Have you tried getting the user object and then retrieving the Company information from it?

var user = gs.getUser();

user.getCompanyID() -- returns the sys_id of the current user's company

user.getCompanyRecord() -- returns the current user's company GlideRecord

Getting a User Object - ServiceNow Wiki

Thanks,

Berny

bcronrath · ‎06-02-2015

Thanks so much Berny! That worked, and is far more straightforward than what I was trying to do.

Best regards,

Brian Cronrath

bcronrath · ‎06-03-2015

Hello Berny,

So it looks like this is working fine for the time being, but I think eventually I am still going to need to figure out how to call a script from the ACL (and business rule and filter parameters for that matter). Reason being is right now the user to company relation is just many to 1, but moving forward there is going to be a many to many relationship so that users can belong to multiple companies. It will be achieved via a user_company lookup table, so I believe the only way I can accomplish this is with a function that does a lookup to compile which companies the users belong to.

I don't suppose you know of a way I can accomplish this?