
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-02-2016 07:16 AM
Is there anyway to disable Activity stream mentions in Helsinki? It's a bit of a security hazard for us as we do not want users/requesters to be able to browse the entire ServiceNow users list just by experimenting with the @ mentions. Currently, they can see the users' full names and not much else, but we would still like to be able to limit this ability.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-02-2016 04:30 PM
Hi Nia,
I don't know any official way to disable it but you can prevent the query on your user table coming from this API with a Before Query business rule.
(function executeRule(current, previous /*null when async*/) {
try{
if(GlideTransaction.get().URL.startsWith('/api/now/form/mention/record/')){
current.addNullQuery('sys_id'); //All records have a sys_id so we are filtering out all records
}
}
catch(e){
}
})(current, previous);
You could even have some conditions, like role conditions to allow specific roles to do mentions or even add a query based on a specific criteria like a user can see users from his own department or something like that. However, this Business rule will make the @ mention look like a broken feature if no users are available.
Warning: GlideTransaction is an undocumented Java object, ServiceNow could decide to retire it or to change it's behavior without any notice.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-18-2016 10:24 AM
I'm testing now and yes, the @ mentions seem to be skipping the ACL on the user table!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-15-2020 09:57 AM
Hi Laurent,
In the above script where would i add the condition to restrict "@" mention for ITIL users alone.
Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-16-2020 10:30 AM
Hi, you would replace
current.addNullQuery('sys_id');
with
current.addQuery('roles', 'itil');
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-17-2020 04:52 AM
Hi Laurent,
Is the below script fine for my requirement ?:
(function executeRule(current, previous /*null when async*/) {
try{
if(GlideTransaction.get().URL.startsWith('/api/now/form/mention/record/')){
current.addQuery('roles', 'itil');
}
}
catch(e){
}
})(current, previous);
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-17-2020 06:15 AM
Yes it should be, doesn't it give you the expected result?