
How to prevent users from seeing other RITM request by going into sc_req_item.list

Peter Williams
Kilo Sage

Good day,

I need to be able to restrict users that are non-itil to prevent them from seeing other RITM requests when they go into sc_req_item.list.

At the moment they can see this:

PeterWilliams_0-1722451255122.png

I want them to only see items they submitted or if they are a part of the watch list.

I tried the ACL but it doesn't filter the list for it.

How can I do this please?

1 ACCEPTED SOLUTION

Sumanth16
Kilo Patron

Hi @Peter Williams,

ACLs, while normally the perfect answer to security questions, always result in the 'Number of rows removed' issue when using a 'Read' operation for records.

In order to avoid this, you need to use a 'before query' business rule on the 'sc_req_item' table. A script like this should do the trick... it's based off of the out-of-box 'incident query' business rule that does the same thing for incidents.



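// Apply only to interactive sessions of users without the itil role.
if (!gs.hasRole("itil") && gs.isInteractive()) {
  var u = gs.getUserID();
  // Limit results to RITMs requested for, opened by, or watched by the current user.
  var qc = current.addQuery("request.requested_for", u).addOrCondition("opened_by", u).addOrCondition("watch_list", "CONTAINS", u);
  gs.print("query restricted to user: " + u);
}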

 

Please mark my solution as Accept if you find it helpful.

 

 

Thanks & Regards,

Sumanth meda
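
The before-query approach from this answer, extended to the additional roles asked about in the replies, shown as an added example (not code from any poster in the thread). Role names, item names and the `cat_item.name` path are copied from the thread; `restrictRitmQuery`, `mockCurrent` and `mockGs` are hypothetical names, and the two mocks are constructed stand-ins so the logic can run outside an instance.

```javascript
// Added example. On an instance, `current` and `gs` are supplied by the platform;
// here the rule body is a function so it can also run against the stand-ins below.
function restrictRitmQuery(current, gs) {
  // Role names and catalog item names are copied from the thread.
  var fullAccess = ["itil", "Finance_Access", "EIF_access", "Office_Facilities_access"];
  // Non-interactive sessions (e.g. web service calls) skip this filter, so
  // read ACLs on sc_req_item still have to enforce access for them.
  if (!gs.isInteractive()) return false;
  if (fullAccess.some(function (r) { return gs.hasRole(r); })) return false;

  var u = gs.getUserID();
  // Separate addQuery calls are ANDed, so everything the user may see
  // is added to ONE condition as OR terms.
  var qc = current.addQuery("request.requested_for", u);
  qc.addOrCondition("opened_by", u);
  qc.addOrCondition("watch_list", "CONTAINS", u);
  if (gs.hasRole("Conference_centre")) {
    qc.addOrCondition("cat_item.name", "Copy-Print (Multitech)");
    qc.addOrCondition("cat_item.name", "Messaging Service");
  }
  return true; // query was restricted
}

// Hypothetical stand-ins (constructed) that record the query as AND-ed groups of OR terms.
function mockCurrent() {
  var groups = [];
  function term(f, op, v) { return v === undefined ? [f, "=", op] : [f, op, v]; }
  return {
    groups: groups,
    addQuery: function (f, op, v) {
      var g = [term(f, op, v)];
      groups.push(g);
      return { addOrCondition: function (f2, op2, v2) { g.push(term(f2, op2, v2)); return this; } };
    }
  };
}
function mockGs(userId, roles, interactive) {
  return {
    hasRole: function (r) { return roles.indexOf(r) !== -1; },
    getUserID: function () { return userId; },
    isInteractive: function () { return interactive; }
  };
}

// Constructed sample run: a Conference_centre user gets one OR group of five terms.
var sample = mockCurrent();
restrictRitmQuery(sample, mockGs("constructed-user-id", ["Conference_centre"], true));
```

In a real business rule only the body of `restrictRitmQuery` is needed, with the platform's own `current` and `gs`.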


10 REPLIES

Sorry, one more thing.

I am trying to filter out roles via the items they should see, plus if they opened it.

I tried this but it didn't work:

(function executeRule(current, previous /*null when async*/) {
  if (!(gs.hasRole("itil") || gs.hasRole("Finance_Access") || gs.hasRole("EIF_access") || gs.hasRole("Office_Facilities_access")) && gs.isInteractive()) {
    var u = gs.getUserID();
    var qc = current.addQuery("request.requested_for", u).addOrCondition("opened_by", u).addOrCondition("watch_list", "CONTAINS", u);
    gs.print("query restricted to user: " + u);
  }
  if (gs.hasRole("Conference_centre") && gs.isInteractive()) {
    var qc = current.addQuery("request.requested_for", u).addOrCondition("opened_by", u).addOrCondition("watch_list", "CONTAINS", u).addOrCondition("item", "Copy-Print (Multitech)").addOrCondition("item", "Messaging Service");
  }
})(current, previous);

I've also tried:

var qc = current.addQuery("request.requested_for", u).addOrCondition("opened_by", u).addOrCondition("watch_list", "CONTAINS", u).addOrCondition("cat_item.name", "Copies-Impression").addOrCondition("cat_item.name", "Copy-Print (Multitech)");
 

Peter Williams
Kilo Sage

Amazing, it works perfectly. Thank you very much.

jMarshal
Mega Sage

There is also a specific feature that ServiceNow provides for exactly this, no need to write (potentially) complicated, custom access control conditions.

Exploring Data filtration (servicenow.com)

How do I go about doing that? I am trying to, but I don't see that option in ServiceNow.