How to restrict data access to admins
‎10-06-2023 09:58 AM
Hello,
I need to restrict data access for specific administrators without assigning them a custom role. However, I'm encountering an issue where data access is still possible even when the custom role is not assigned to the user.
Is there a way to restrict data for an admin by using a custom role?
Thanks in advance
‎10-06-2023 10:07 AM
Hi @Sai_snow
Are you creating an ACL for it?
If yes, then you can uncheck the admin override option.
ServiceNow Developer
I know one thing, and that is that I know nothing.
- Socrates
‎10-06-2023 10:10 AM - edited ‎10-06-2023 10:12 AM
Hello @Vishal Birajdar
I created a new user role called "user_admin." This role should be checked when granting elevated privileges. Data should only be accessible to users with this new role, while others should be denied access. For example, if there are 2 admins, the one with the user_data role should have access when he elevates to security_admin, and the other without the role should not get access when he elevates to security_admin. Can you help me correct the BR below?
var source = 'Test';
var user = gs.getUser();
var queryFilterUtils = new queryFilteringUtils(user);
// Interactive users with none of the itil, security_admin or itil_admin roles are treated as customers
if (!gs.hasRole("itil") && !gs.hasRole("security_admin") && !gs.hasRole("itil_admin") && gs.isInteractive()) {
    gs.log(user.getDisplayName() + ' is a customer', source);
    current.addEncodedQuery(queryFilterUtils.getTaskEncodedQueryForCustomer());
} else if (!gs.hasRole("security_admin")) {
    // No security_admin: apply the ITIL filter
    current.addEncodedQuery(queryFilterUtils.getTaskEncodedQueryForItil());
} else {
    // security_admin: no filter is added
    gs.log(user.getDisplayName() + ' is an admin', source);
}
‎10-06-2023 10:37 AM
Hi @Sai_snow
I guess you are using a Query BR...
Instead of getting the query from a script include, you can put your query in the sys_properties table if possible.
if (!gs.hasRoleExactly("security_admin") && gs.hasRoleExactly("admin")) {
    current.addEncodedQuery(gs.getProperty("query_priperty_for_security_admin")); // for security admin
} else if (gs.hasRoleExactly("admin")) {
    current.addEncodedQuery(gs.getProperty("query_priperty_for_admin")); // only for admin
} else {
    current.addEncodedQuery(gs.getProperty("query_priperty_for_normal/customer")); // for normal user
}
Not sure if this works for you...but can you have a try & check...
ServiceNow Developer
I know one thing, and that is that I know nothing.
- Socrates
‎10-06-2023 10:45 AM
Hello @vishal.
The custom role was not given to the admin, but he is able to access the data. When I run a background script for the custom role, the result is 'true'. In fact, it should be false.
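The behaviour reported in the last post, as an added example that is not part of the thread or any poster's code: a plain-JavaScript model (it runs in Node, not on an instance) comparing a role check that also passes for admin with an exact-membership check inside the query rule's decision. The helper names, filter labels and sample users are constructed; `user_data` is the custom role named in the thread.

```javascript
// Constructed model of the role checks in this thread (plain Node, no instance needed).
// Each user object lists the roles active in the session, elevated roles included.

// Models gs.hasRole(): true when the user holds the role OR holds admin.
function hasRole(user, role) {
  return user.roles.includes(role) || user.roles.includes('admin');
}

// Exact membership: only a role actually granted to the user counts.
function hasRoleExactly(user, role) {
  return user.roles.includes(role);
}

// Pick the filter a before-query rule would apply. `check` is the role test
// used for the custom role; the filter labels are hypothetical.
function selectFilter(user, check) {
  const staff = ['itil', 'itil_admin', 'security_admin'].some(r => hasRole(user, r));
  if (!staff) return 'customer_filter';
  if (!hasRole(user, 'security_admin')) return 'itil_filter';
  // Elevated session: full access only with the custom role from the thread.
  return check(user, 'user_data') ? 'no_filter' : 'itil_filter';
}

// Constructed sample users.
const customer = { name: 'customer', roles: [] };
const agent = { name: 'agent', roles: ['itil'] };
const adminWithRole = { name: 'admin A', roles: ['admin', 'security_admin', 'user_data'] };
const adminNoRole = { name: 'admin B', roles: ['admin', 'security_admin'] };

for (const u of [customer, agent, adminWithRole, adminNoRole]) {
  console.log(u.name, '| admin-inclusive check:', selectFilter(u, hasRole),
    '| exact check:', selectFilter(u, hasRoleExactly));
}
```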