How to Exclude Specific Groups Within a Company from Accessing a Catalog Item Using User Criteria

Go to solution
Daemon5
Tera Expert

‎09-25-2024 12:30 AM

Hi all,

I'm trying to restrict access to a catalog item in ServiceNow, where I want to exclude a specific group within a particular company from using it. All users from the company should be able to access the catalog item except for those who belong to this specific group.

Here's what I've tried so far:
I attempted to use the Not Available For script within User Criteria to achieve this. Below is the script I'm using to exclude users based on their company and group membership, but this is not working.
(u_our_group_cd is a custom value in sys_user_group, shows the unique value of the group.)

 

checkExcludedCondition();

function checkExcludedCondition() {
    var userId = gs.getUser().getID();
    var isExcluded = false;
    var groupCheck = new GlideRecord('sys_user_grmember');
    groupCheck.addQuery('user', userId);
    groupCheck.query();

    while (groupCheck.next()) {
        // Check if the user belongs to Company A
        if (groupCheck.group.u_company == 'company sys_id') {
            // Check if the user belongs to Group B
            if (groupCheck.group.u_our_group_cd == '1005268') {
                isExcluded = true;  // Exclude users who belong to both Company A and Group B
                break;
            }
        }
    }

    return isExcluded;
}

 

 

0 Helpfuls
  • 595 Views
1 ACCEPTED SOLUTION

Go to solution
Daemon5
Tera Expert

‎09-25-2024 01:48 AM

I figured it out myself. My previous explanation wasn’t clear, and I didn’t accurately describe the requirements.

The actual requirement is more complex:
Users who belong to Company A but are in groups other than Group B should be denied access, while users who belong to Company A and Group B, or users from other companies, should still have access.

Below is the script in "Not Available for" User Criteria.

checkExcludedCondition();

function checkExcludedCondition() {
    var userId = gs.getUser().getID();
    var isExcluded = false;
    var groupCheck = new GlideRecord('sys_user_grmember');
    groupCheck.addQuery('user', userId);
    groupCheck.query();
    var isACompany = false;
    var isBDept = false;
    while (groupCheck.next()) {
        // Check if the user belongs to Company A
        if (groupCheck.group.u_company == 'company sys_id') {
            isACompany = true;
            // Check if the user belongs to Group B
            if (groupCheck.group.u_our_group_cd == '1005268') {
                isBDept = true;
            }
        }
    }
    // Exclude user who belongs to Company A but are in groups other than Group B
    if (isACompany && !isBDept) {
        isExcluded = true;
    }
    return isExcluded;
}

View solution in original post

0 Helpfuls
2 REPLIES 2

Go to solution
Mark Manders
Mega Patron

‎09-25-2024 12:47 AM

Can you try this? 

checkExcludedCondition();

function checkExcludedCondition() {
    var userId = gs.getUserID(); // Get current user ID
    var isExcluded = false;

    // Query the sys_user_grmember table to check if the user belongs to a group
    var groupCheck = new GlideRecord('sys_user_grmember');
    groupCheck.addQuery('user', userId);
    groupCheck.query();

    while (groupCheck.next()) {
        // Use getValue() to retrieve the company's sys_id and group code
        var companySysId = groupCheck.group.u_company.getValue(); 
        var groupCode = groupCheck.group.u_our_group_cd.getValue();

        // Check if the user belongs to Company A and Group B
        if (companySysId == 'company sys_id' && groupCode == '1005268') {
            isExcluded = true;  // Mark the user as excluded
            break;
        }
    }

    return isExcluded;
}

Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark

Go to solution
Daemon5
Tera Expert

‎09-25-2024 01:48 AM

I figured it out myself. My previous explanation wasn’t clear, and I didn’t accurately describe the requirements.

The actual requirement is more complex:
Users who belong to Company A but are in groups other than Group B should be denied access, while users who belong to Company A and Group B, or users from other companies, should still have access.

Below is the script in "Not Available for" User Criteria.

checkExcludedCondition();

function checkExcludedCondition() {
    var userId = gs.getUser().getID();
    var isExcluded = false;
    var groupCheck = new GlideRecord('sys_user_grmember');
    groupCheck.addQuery('user', userId);
    groupCheck.query();
    var isACompany = false;
    var isBDept = false;
    while (groupCheck.next()) {
        // Check if the user belongs to Company A
        if (groupCheck.group.u_company == 'company sys_id') {
            isACompany = true;
            // Check if the user belongs to Group B
            if (groupCheck.group.u_our_group_cd == '1005268') {
                isBDept = true;
            }
        }
    }
    // Exclude user who belongs to Company A but are in groups other than Group B
    if (isACompany && !isBDept) {
        isExcluded = true;
    }
    return isExcluded;
}
0 Helpfuls