
08-02-2016 07:16 AM
Is there any way to disable Activity stream mentions in Helsinki? It's a bit of a security hazard for us as we do not want users/requesters to be able to browse the entire ServiceNow users list just by experimenting with the @ mentions. Currently, they can see the users' full names and not much else, but we would still like to be able to limit this ability.
08-02-2016 04:30 PM
Hi Nia,
I don't know of any official way to disable it, but you can prevent the query on your user table coming from this API with a Before Query business rule.
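```javascript
(function executeRule(current, previous /*null when async*/) {
    try {
        // Only act on queries issued by the @mention lookup API
        if (GlideTransaction.get().URL.startsWith('/api/now/form/mention/record/')) {
            current.addNullQuery('sys_id'); // All records have a sys_id, so this filters out all records
        }
    } catch (e) {
        // Ignored on purpose: an error here must not break other queries on the user table
    }
})(current, previous);
```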
You could even have some conditions, like role conditions to allow specific roles to do mentions, or even add a query based on specific criteria, like a user can see users from his own department or something like that. However, this business rule will make the @ mention look like a broken feature if no users are available.
Warning: GlideTransaction is an undocumented Java object; ServiceNow could decide to retire it or to change its behavior without any notice.
06-17-2020 10:50 AM
Hi Laurent,
Tried the above script but no luck.
"@" mentions work for all users irrespective of roles.
Not sure how to restrict it only to ITIL users.
06-17-2020 05:05 PM
Do you mean only allow ITIL users to use the mention or only be allowed to mention ITIL users?
The provided script only allows mentioning an ITIL user, but anyone can still use the mention.
If you want to only allow ITIL users to use the mention, you should keep the original script with current.addNullQuery('sys_id') and set the condition of the business rule to !gs.hasRole('itil').
Otherwise, you could try to debug the script by adding a log such as gs.log(GlideTransaction.get().URL) to make sure of the API URL being used when querying for users to mention.
06-17-2020 10:51 PM
10-13-2021 05:09 AM
Hello,
Is there a way to reference/get the parent record (e.g. task/incident) for which the user is entering a comment and using the @mention feature?
What we need is to limit the list of users to users that belong to the same company as the parent incident record.
Thanks
10-13-2021 05:38 AM
You should be able to parse the sys_id from the GlideTransaction.get().URL.
Here is an example of the call being made to get the mention: /api/now/form/mention/record/incident/e32e18d72f5030109817f64ef699b6cf
You could therefore keep the matching on /api/now/form/mention/record, and when it matches you could split the string using the "/" delimiter. The second-to-last entry would be your table and the last entry your sys_id. Based on that, you could query the record to check for the company of that record.
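The URL parsing described in the last reply, written out as an added example; it is not code from the thread or from ServiceNow. The function names, the table-name and sys_id patterns, the `getCompany` callback and the choice to return no users whenever the URL or the parent record cannot be resolved are assumptions.

```javascript
// Added example. The prefix and the path layout come from the thread;
// everything else (names, patterns, fail-closed policy) is an assumption.
const MENTION_PREFIX = '/api/now/form/mention/record/';
const TABLE_RE = /^[a-z][a-z0-9_]*$/;  // assumed shape of a table name
const SYS_ID_RE = /^[0-9a-f]{32}$/;    // assumed shape of a sys_id: 32 hex chars

// null           -> not a mention lookup, leave the query alone
// {invalid:true} -> mention lookup whose path does not have the expected shape
// {table, sysId} -> parent record the comment is being written on
function parseMentionUrl(url) {
  const path = String(url).split('?')[0].split('#')[0];
  if (!path.startsWith(MENTION_PREFIX)) return null;
  const parts = path.replace(/\/+$/, '').split('/');
  // '', api, now, form, mention, record, <table>, <sys_id> -> exactly 8 entries
  if (parts.length !== 8) return { invalid: true };
  const table = parts[parts.length - 2];  // second-to-last entry
  const sysId = parts[parts.length - 1];  // last entry
  if (!TABLE_RE.test(table) || !SYS_ID_RE.test(sysId)) return { invalid: true };
  return { table: table, sysId: sysId };
}

// Decide what the Before Query rule on the user table should do.
// getCompany(table, sysId) is a hypothetical callback: on the instance it would
// load the parent record with GlideRecord and return its company value.
function mentionFilter(url, getCompany) {
  const parsed = parseMentionUrl(url);
  if (parsed === null) return { action: 'none' };
  if (parsed.invalid) return { action: 'deny' };
  const company = getCompany(parsed.table, parsed.sysId);
  // Unknown record or empty company: show nobody rather than everybody
  if (!company || !SYS_ID_RE.test(company)) return { action: 'deny' };
  return { action: 'restrict', field: 'company', value: company };
}

// In the business rule the result would map to:
//   'deny'     -> current.addNullQuery('sys_id');
//   'restrict' -> current.addQuery(result.field, result.value);
//   'none'     -> no change to the query
```

Failing closed keeps a malformed or unexpected mention URL from falling back to the full user list, which is the exposure the original question was about.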