How to prevent users from seeing other RITM request by going into sc_req_item.list

Go to solution
Peter Williams
Kilo Sage

‎07-31-2024 11:41 AM

Good Day, 

 

i need to be able to restrict users that is non-itil to prevent them from seeing other ritm request when they go into sc_req_item.list

 

at the moment they can see this:

 

PeterWilliams_0-1722451255122.png

 

i want them to only see items they submitted or of they are apart of the watch list.

 

i tried the ACL but it doesnt filter the list for it

 

how can i do this please?

0 Helpfuls
  • 667 Views
1 ACCEPTED SOLUTION

Go to solution
Sumanth16
Kilo Patron

‎07-31-2024 11:52 AM

Hi @Peter Williams ,

 

 

 

ACLs, while normally the perfect answer to security questions, always result in the 'Number of rows removed' issue when using a 'Read' operation for records.

 

 

 

In order to avoid this, you need to use a 'before query' business rule on the 'sc_req_item' table.   A script like this should do the trick...it's based off of the out-of-box 'incident query' business rule that does the same thing for incidents.



if (!gs.hasRole("itil") && gs.isInteractive()) {

 

  var u = gs.getUserID();

 

  var qc = current.addQuery("request.requested_for", u).addOrCondition("opened_by", u).addOrCondition("watch_list", "CONTAINS", u);

 

  gs.print("query restricted to user: " + u);

 

}

 

Plz mark my solution as Accept, If you find it helpful.

 

 

Thanks & Regards,

Sumanth meda

View solution in original post

0 Helpfuls
10 REPLIES 10

Go to solution
Peter Williams
Kilo Sage
In response to Sumanth16

‎08-01-2024 06:40 AM

sorry one more thing

i am trying to filter out roles via the items they should see plus if they opened it

 

i tried this but didnt work

(function executeRule(current, previous /*null when async*/) {

if (!(gs.hasRole("itil")||gs.hasRole("Finance_Access")||gs.hasRole("EIF_access") || gs.hasRole("Office_Facilities_access")) && gs.isInteractive()) {

 

  var u = gs.getUserID();

 

  var qc = current.addQuery("request.requested_for", u).addOrCondition("opened_by", u).addOrCondition("watch_list", "CONTAINS", u);
    gs.print("query restricted to user: " + u);
   
}
    if(gs.hasRole("Conference_centre")&&gs.isInteractive()){
      var qc = current.addQuery("request.requested_for", u).addOrCondition("opened_by", u).addOrCondition("watch_list", "CONTAINS", u).addOrCondition("item", "Copy-Print (Multitech)").addOrCondition("item","Messaging Service");
   
    }
 
})(current, previous);
0 Helpfuls

Go to solution
Peter Williams
Kilo Sage
In response to Peter Williams

‎08-01-2024 06:59 AM

ive also tried

      var qc = current.addQuery("request.requested_for", u).addOrCondition("opened_by", u).addOrCondition("watch_list", "CONTAINS", u).addOrCondition("cat_item.name", "Copies-Impression").addOrCondition("cat_item.name","Copy-Print (Multitech)");
 
0 Helpfuls

Go to solution
Peter Williams
Kilo Sage

‎07-31-2024 11:57 AM

amazing it works perfectly thank you very much

0 Helpfuls

Go to solution
jMarshal
Mega Sage
Mega Sage

‎07-31-2024 12:05 PM

There is also a specific feature that ServiceNow provides for exactly this, no need to write (potentially) complicated, custom access control conditions.

Exploring Data filtration (servicenow.com)

0 Helpfuls

Go to solution
Peter Williams
Kilo Sage
In response to jMarshal

‎07-31-2024 12:10 PM

how do i go about doing that i am tryin to but i dont see that option in servicenow

 

0 Helpfuls