How to Disable Activity Stream Mentions in Helsinki

Go to solution
Nia McCash
Mega Sage
Mega Sage

‎08-02-2016 07:16 AM

Is there anyway to disable Activity stream mentions in Helsinki?   It's a bit of a security hazard for us as we do not want users/requesters to be able to browse the entire ServiceNow users list just by experimenting with the @ mentions.   Currently, they can see the users' full names and not much else, but we would still like to be able to limit this ability.

  • 5,544 Views
1 ACCEPTED SOLUTION

Go to solution
LaurentChicoine
Tera Guru

‎08-02-2016 04:30 PM

Hi Nia,



I don't know any official way to disable it but you can prevent the query on your user table coming from this API with a Before Query business rule.



(function executeRule(current, previous /*null when async*/) {

       

       try{

               if(GlideTransaction.get().URL.startsWith('/api/now/form/mention/record/')){

                       current.addNullQuery('sys_id'); //All records have a sys_id so we are filtering out all records

               }

       }


       catch(e){

               

       }


})(current, previous);


You could even have some conditions, like role conditions to allow specific roles to do mentions or even add a query based on a specific criteria like a user can see users from his own department or something like that. However, this Business rule will make the @ mention look like a broken feature if no users are available.



Warning: GlideTransaction is an undocumented Java object, ServiceNow could decide to retire it or to change it's behavior without any notice.


View solution in original post

24 REPLIES 24

Go to solution
LaurentChicoine
Tera Guru
In response to Trevor Muhl

‎07-26-2017 11:37 AM

A more supported way would be to use GlideTransaction.get().getPageName(). While it is not documented, it is used in 4 existing business rules so if ServiceNow were to retire this, they would most likely find another way to do it for these business rule and we could simply look at the new way they are doing it.



(function executeRule(current, previous /*null when async*/) {   

           

       try{

               if(GlideTransaction.get().getPageName().startsWith('api/now/form/mention/record/')){   

                       current.addNullQuery('sys_id'); //All records have a sys_id so we are filtering out all records   

               }   

       }   

   

       catch(e){   

       }   

   

})(current, previous);  


Warning: GlideTransaction is an undocumented Java object, ServiceNow could decide to retire it or to change it's behavior without any notice.


0 Helpfuls

Go to solution
shashanktonpeka
ServiceNow Employee
ServiceNow Employee
In response to Trevor Muhl

‎01-17-2018 01:08 AM

Hi Trevor,



Did you get any inputs from Hi on how to overcome the user session ending issue?


0 Helpfuls

Go to solution
Trevor Muhl
Kilo Sage
In response to shashanktonpeka

‎01-17-2018 01:56 AM

Hello Shashank,



The HI technician I worked with is not aware of a workaround to this issue. We have simply just stopped using the feature completely. However, they have recognized this as a problem and are working with the development team on a fix (last updated a couple of weeks ago).



- Trevor Muhl


0 Helpfuls

Go to solution
Sigval Bergesen
Tera Contributor

‎03-02-2020 12:49 AM

URL doesn't work, you have to swap it with getPageName(), like this: 

(function executeRule(current, previous /*null when async*/) {
try{
if (GlideTransaction.get().getPageName().startsWith('api/now/form/mention/record/')){
current.addNullQuery('sys_id'); //All records have a sys_id so we are filtering out all records
}
}
catch(e){
}
})(current, previous);

Go to solution
sanmu
Tera Contributor

‎03-16-2021 12:05 AM

Hi, I need to restrict only endusers(Users without any roles) in @mention part of the form. Tried modifying the above query. Its not working. Is this achievable?

0 Helpfuls