
08-02-2016 07:16 AM
Is there any way to disable Activity stream mentions in Helsinki? It's a bit of a security hazard for us as we do not want users/requesters to be able to browse the entire ServiceNow users list just by experimenting with the @ mentions. Currently, they can see the users' full names and not much else, but we would still like to be able to limit this ability.
08-02-2016 04:30 PM
Hi Nia,
I don't know any official way to disable it but you can prevent the query on your user table coming from this API with a Before Query business rule.
    (function executeRule(current, previous /*null when async*/) {
        try {
            // Only act on requests coming from the @ mention API
            if (GlideTransaction.get().URL.startsWith('/api/now/form/mention/record/')) {
                current.addNullQuery('sys_id'); // All records have a sys_id so we are filtering out all records
            }
        } catch (e) {
            // Errors are ignored: if the check fails, the query runs unfiltered
        }
    })(current, previous);
You could even have some conditions, like role conditions to allow specific roles to do mentions, or even add a query based on specific criteria, like a user can see users from his own department or something like that. However, this Business rule will make the @ mention look like a broken feature if no users are available.
Warning: GlideTransaction is an undocumented Java object; ServiceNow could decide to retire it or to change its behavior without any notice.
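The role and department conditions suggested in the answer above could be written as follows. This is an added example, not part of the original post and not ServiceNow's own code; `scopeMentionQuery`, `makeRecorder`, `MENTION_ROLE` and the `itil` role choice are hypothetical, and the wiring shown in the closing comment assumes `gs.hasRole()` and `gs.getUser().getDepartmentID()` are available to the rule.

```javascript
// Added example. Hypothetical names: MENTION_ROLE, scopeMentionQuery, makeRecorder.
var MENTION_PREFIX = '/api/now/form/mention/record/'; // URL prefix from the answer above
var MENTION_ROLE = 'itil'; // assumption: role that may mention any user

// query: the GlideRecord being filtered (`current` in the business rule)
// url:   request path as a string
// user:  { hasRole: function (role), departmentId: string }
// Returns the decision taken so it can be logged or tested.
function scopeMentionQuery(query, url, user) {
    if (typeof url !== 'string' || url.indexOf(MENTION_PREFIX) !== 0) {
        return 'untouched'; // not a mention lookup: leave the query alone
    }
    if (user.hasRole(MENTION_ROLE)) {
        return 'unrestricted'; // exempt role sees the normal result set
    }
    if (user.departmentId) {
        query.addQuery('department', user.departmentId); // own department only
        return 'department';
    }
    query.addNullQuery('sys_id'); // no department on record: return no users
    return 'blocked';
}

// Constructed stand-in for a GlideRecord so the logic runs outside ServiceNow.
function makeRecorder() {
    var conditions = [];
    return {
        conditions: conditions,
        addQuery: function (field, value) { conditions.push(field + '=' + value); },
        addNullQuery: function (field) { conditions.push(field + 'ISEMPTY'); }
    };
}

// Inside the Before Query rule on sys_user the call would be (assumed wiring):
//   scopeMentionQuery(current, String(GlideTransaction.get().URL), {
//       hasRole: function (r) { return gs.hasRole(r); },
//       departmentId: String(gs.getUser().getDepartmentID() || '')
//   });
```

`gs.hasRole()` also returns true for admin users, so admins fall into the exempt branch.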

08-03-2016 06:12 AM
Thanks for the workaround, though it does seem a bit messy/carries some risks, but this does give us options.
10-23-2016 11:05 PM
Thank you for the workaround. It was presented to us by Hi as a solution to a problem I would have preferred to be asked about before implementation.
10-23-2016 11:23 PM
If you have an ACL on the user table, does this "mention" skip the ACL on the user table?
//Göran