How to restrict admin in ACL and allow a specific role?

Heena Dahiya
Kilo Contributor

I am working on the Geneva version and I am trying to restrict admin override on an ACL with the below script.

I intend to allow only users with the "contract manager" role to view my field and restrict all others even if they are admin. I have unchecked admin override.

I have tried the below two scripts. Can someone help me figure out the glitch? Thanks in advance!!

// Allow access only if the contract manager role is present, else restrict even if it's admin.
if (gs.hasRoleExactly('contract_manager')) {
  answer = true;
}
else {
  answer = false;
}

and

// Allow access only if the contract manager role is present, else restrict even if it's admin.
if ((gs.hasRole('contract_manager') && gs.hasRole('admin')) || (gs.hasRole('contract_manager') && !gs.hasRole('admin'))) {
  answer = true;
}
else if (!gs.hasRole('contract_manager') && gs.hasRole('admin')) {
  answer = false;
}
else {
  answer = false;
}

Regards,

Heena Dahiya

1 ACCEPTED SOLUTION

Brad Tilton
ServiceNow Employee

Hi Heena,



One of the unique things about the admin role is that hasRole() will always return true for admins whether they specifically have a role or not. You might try using gs.getSession().getRoles() which returns all roles for a user and then iterate through those in a script.



Getting a User Object - ServiceNow Wiki



5 REPLIES

Using Brad's example, I've also had success with a one-liner like this:


if (gs.getSession().getRoles().toString().indexOf('<role to validate>') > -1) { return true; }
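An added example, not part of the thread: an exact-match check on the role list, compared with the substring test. It assumes gs.getSession().getRoles() yields a comma-separated string; the helper names and the sample role lists (including the role contract_manager_readonly) are constructed for illustration, and the role string is passed in as a parameter so the logic runs outside the platform.

```javascript
// Added example (not from the thread). ES5 style, as used by server-side
// scripts on the platform version discussed above.

// Assumption: the role list is a comma-separated string such as
// "itil,contract_manager". Null/empty input yields an empty array.
function parseRoles(roleList) {
  return String(roleList || '')
    .split(',')
    .map(function (r) { return r.trim(); })
    .filter(function (r) { return r.length > 0; });
}

// True only when `role` appears as a whole entry in the list.
// Nothing here special-cases admin, so an admin-only session is denied.
function hasExplicitRole(roleList, role) {
  return parseRoles(roleList).indexOf(role) !== -1;
}

// Substring test, shown for comparison: it also matches any role
// whose name merely contains the wanted name.
function hasRoleSubstring(roleList, role) {
  return String(roleList || '').indexOf(role) > -1;
}

// Constructed sample role lists (hypothetical sessions).
var SAMPLES = {
  adminOnly: 'admin,itil',
  manager: 'itil, contract_manager',
  adminAndManager: 'admin,contract_manager',
  lookalike: 'itil,contract_manager_readonly'
};

// Runs both checks over the samples and returns the results per session.
function compareChecks(role) {
  var out = {};
  Object.keys(SAMPLES).forEach(function (name) {
    out[name] = {
      exact: hasExplicitRole(SAMPLES[name], role),
      substring: hasRoleSubstring(SAMPLES[name], role)
    };
  });
  return out;
}

// In an ACL script the equivalent assignment would be:
//   answer = hasExplicitRole(gs.getSession().getRoles(), 'contract_manager');
```

The two checks agree on every sample except the lookalike role, where only the substring test grants access.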