
How to create an ACL rule to restrict a role from seeing a specific service offering

Rhonda9
Tera Expert

Hello,

 

How can I modify the Read ACL rule to restrict visibility of the "IT Customer Service" service offering from users with a specific role, "cbt_restriction"? It is restricting access for the role but also for the snc_internal role (our end users). How can I modify this ACL script to make this happen?

 

 

var answer=true; //Restrict access by default

if( gs.getUser().hasRole('cbt_restriction'));
{
answer=false;
}

Rhonda9_0-1703110831497.png

 

1 ACCEPTED SOLUTION

Hi @Rhonda9 

I think you misunderstood ACLs completely. They do not restrict something, they allow something. And you still do not provide all required information, therefore I have to make assumptions.

  • Am I right that you only have one ACL defined, the one you added as a partial screenshot?
  • Am I right that you have added to that ACL one role "snc_internal"?

 

If so, then everything works as expected. Why? Think the other way round! As your ACL only "fires" for "Name" = "IT Customer Service", no other ACLs can grant access and thus all users have no access.

 

My recommendation: If you want to keep only one ACL, you should remove the condition and modify the script as follows:

 

answer = true; 

if (current.name == 'IT Customer Service' && gs.getUser().hasRole('cbt_restriction')) {
  answer = false;
}

 

 Maik
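Added example, not part of the original posts and not ServiceNow's own code: a small JavaScript harness that runs the script from the question and the script from the accepted solution against mocked `gs` and `current` objects and lists who is denied. The mocks, the user names and the second offering name are constructed for illustration; note that in the question's script the `;` directly after `if (...)` ends the statement, so the block that follows runs for every user.

```javascript
// Mocks, not the ServiceNow API: only the calls used by the scripts on this page are stubbed.
function mockGs(roles) {
  return { getUser: () => ({ hasRole: (role) => roles.includes(role) }) };
}

// Script as posted in the question, logic unchanged (wrapped in a function so it can be called).
function questionScript(gs, current) {
  var answer = true;
  if (gs.getUser().hasRole('cbt_restriction'));   // ';' ends the if statement here
  {
    answer = false;                                // plain block: runs for every user
  }
  return answer;
}

// Script from the accepted solution, wrapped the same way.
function acceptedScript(gs, current) {
  var answer = true;
  if (current.name == 'IT Customer Service' && gs.getUser().hasRole('cbt_restriction')) {
    answer = false;
  }
  return answer;
}

// Constructed test data: two users and two service offerings.
const USERS = {
  endUser: ['snc_internal'],
  restrictedUser: ['snc_internal', 'cbt_restriction'],
};
const OFFERINGS = ['IT Customer Service', 'Another Offering'];

// Returns the "user -> offering" pairs for which the script leaves answer false.
function deniedPairs(script) {
  const denied = [];
  for (const [user, roles] of Object.entries(USERS)) {
    for (const name of OFFERINGS) {
      if (!script(mockGs(roles), { name })) denied.push(`${user} -> ${name}`);
    }
  }
  return denied;
}

console.log('question script denies:', deniedPairs(questionScript));
console.log('accepted script denies:', deniedPairs(acceptedScript));
```

The same table of users and records can be kept as a regression check whenever the ACL script is edited.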


7 REPLIES

Dr Atul G- LNG
Tera Patron

Hi @Maik Skoddow 

 

How can I modify the Read acl rule to restrict visibility of "IT Customer Service" service offering from

Atul: You don't want to show this SO to users, am I correct?

users with a specific role "cbt_restriction". 

Atul: Only user with this role can see? 

It is restricting access for the role but also snc_internal role (our end users). How can I modify this ACL script to make this happen?

*************************************************************************************************************
If my response proves useful, please indicate its helpfulness by selecting " Accept as Solution" and " Helpful." This action benefits both the community and me.

Regards
Dr. Atul G. - Learn N Grow Together
ServiceNow Techno - Functional Trainer
LinkedIn: https://www.linkedin.com/in/dratulgrover
YouTube: https://www.youtube.com/@LearnNGrowTogetherwithAtulG
Topmate: https://topmate.io/atul_grover_lng [ Connect for 1-1 Session]

****************************************************************************************************************

I want it to restrict access from users with the cbt_restriction role but not all of our end users. It is also restricting access from our end users who do not have the custom role "cbt_restriction".

In other words, if a user does not have the cbt_restriction role, they should be able to see the service offering. Please let me know if you have any more questions, and thank you.

Hi @Rhonda9 

 

In other words, if a user does not have the cbt_restriction role, they should be able to see the service offering.

 

Atul: Your statement is contradictory

 

User has CBT role --> Not able to see SO

User doesn't have CBT role --> Able to see SO

 

Try this way

 

LearnNGrowAtul_0-1703161282073.png

 

 

@Maik Skoddow What are your thoughts on this?


Regards
Dr. Atul G. - Learn N Grow Together