
How to create an ACL rule to restrict a role from seeing a specific service offering

Rhonda9
Tera Expert

Hello,

 

How can I modify the Read ACL rule to restrict visibility of the "IT Customer Service" service offering from users with a specific role "cbt_restriction"? It is restricting access for the role but also the snc_internal role (our end users). How can I modify this ACL script to make this happen?

 

 

var answer=true; //Restrict access by default

if( gs.getUser().hasRole('cbt_restriction'));
{
answer=false;
}

Rhonda9_0-1703110831497.png

 

1 ACCEPTED SOLUTION

Hi @Rhonda9 

I think you misunderstood ACLs completely. They do not restrict something, they allow something. And you still do not provide all required information, therefore I have to make assumptions.

  • Am I right that you only have one ACL defined, the one you added as a partial screenshot?
  • Am I right that you have added to that ACL one role "snc_internal"?

 

If so, then everything works as expected. Why? Think the other way round! As your ACL only "fires" for "Name" = "IT Customer Service", no other ACLs can grant access and thus all users have no access.

 

My recommendation: If you want to keep only one ACL, you should remove the condition and modify the script as follows:

 

answer = true; 

if (current.name == 'IT Customer Service' && gs.getUser().hasRole('cbt_restriction')) {
  answer = false;
}

 

 Maik
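The script from the question and the script from the accepted solution, run side by side in plain JavaScript. This is an added example, not code from the original posts: `makeGs`, the plain-object `current`, and `decisionTable` are stand-ins constructed here, and only the script part of an ACL is modelled. It goes slightly beyond the answer by also showing that the `;` directly after `if (...)` in the question's script ends the statement there, so the block that follows runs for every user.

```javascript
// Stand-in for the platform's gs object (constructed for this example).
function makeGs(roles) {
  return { getUser: () => ({ hasRole: (role) => roles.includes(role) }) };
}

// Script from the question, kept as posted: the ';' after the condition is an
// empty statement, so the braces below are an ordinary block that always runs.
function originalScript(gs, current) {
  var answer = true;
  if (gs.getUser().hasRole('cbt_restriction'));
  {
    answer = false;
  }
  return answer;
}

// Script from the accepted solution: ACL condition removed, name checked here.
function acceptedScript(gs, current) {
  var answer = true;
  if (current.name == 'IT Customer Service' && gs.getUser().hasRole('cbt_restriction')) {
    answer = false;
  }
  return answer;
}

// Evaluate both scripts for constructed users and records.
// "Email Support" is a made-up second offering used only for contrast.
function decisionTable() {
  const cases = [
    { roles: ['snc_internal'], name: 'IT Customer Service' },
    { roles: ['snc_internal', 'cbt_restriction'], name: 'IT Customer Service' },
    { roles: ['snc_internal', 'cbt_restriction'], name: 'Email Support' },
  ];
  return cases.map((c) => ({
    roles: c.roles.join(','),
    record: c.name,
    original: originalScript(makeGs(c.roles), { name: c.name }),
    accepted: acceptedScript(makeGs(c.roles), { name: c.name }),
  }));
}

console.table(decisionTable());
```

On the real platform `current.name` is a field object rather than a plain string, and the ACL's role and condition settings are evaluated in addition to the script.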


Maik Skoddow
Tera Patron

Hi @Rhonda9 

sorry, I don't get your point.

What do you mean when saying "It is restricting access for the role but also snc_internal role (our end users)"?

Is this the issue? Is this a requirement? Is this a question?

Please explain it better.

Maik

I want it to restrict access from users with the cbt_restriction role but not all of our end users. It is also restricting access from our end users who do not have the custom role "cbt_restriction".

In other words, if a user does not have the cbt_restriction role, they should be able to see the service offering. Please let me know if you have any more questions, and thank you.

 


Thank you so much! I do apologize for the confusion.