How to Restrict sc_tasks by using ACLs

sattar3
Tera Contributor

Hello All,

We have a requirement that only a particular group's members can see their sc_tasks and the other group members can't see their group's sc_tasks, except admins. Is this possible by using an ACL?

If a user has 4 groups and he is a member of that particular group, then he doesn't want to see the other 3 groups' sc_tasks, even though they can have the itil role.


Please help me on this.

@Dr Atul G- LNG @Ankur Bawiskar @Community Alums @SANDEEP28 @Amit Gujarathi @Ravi Gaurav

Thanks,

Sattar

3 REPLIES

Sandeep Rajput
Tera Patron

Please deactivate the existing sc_task.* read ACL and create a new ACL as follows.

[Screenshot 2024-06-05 at 11.43.42 PM.png] [Screenshot 2024-06-05 at 11.41.52 PM.png]

In the first condition, replace the group name with the name of the group to which you would like to grant access to the SC Task.

Ankur Bawiskar
Tera Patron

@sattar3

I would suggest using a Query BR along with an ACL.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader

Thanks for the reply @Sandeep Rajput @Ankur Bawiskar

We already created a Query BR.

Condition: !gs.hasRole('admin') && gs.isInteractive(true)

BR Script 1:

(function executeRule(current, previous /*null when async*/) {
    // App engine group members: opened_by dynamic filter, OR empty assignment group,
    // OR assignment group is the app engine group
    var _appEngineGroup = gs.getProperty('app.engine.admins');
    if (gs.getUser().isMemberOf(_appEngineGroup)) {
        current.addEncodedQuery('opened_byDYNAMIC90d1921e5f510100a9ad2572f2b477fe^ORassignment_groupISEMPTY^ORassignment_group=' + _appEngineGroup);
    }
})(current, previous);

And we have another Query Business Rule:

Condition: !gs.hasRole('admin') && gs.isInteractive(true)

BR Script 2:

(function executeRule(current, previous /*null when async*/) {
    // Everyone else: opened_by dynamic filter, OR empty assignment group,
    // OR assignment group is NOT the app engine group
    var _appEngineGroup = gs.getProperty('app.engine.admins');
    if (!gs.getUser().isMemberOf(_appEngineGroup)) {
        current.addEncodedQuery('opened_byDYNAMIC90d1921e5f510100a9ad2572f2b477fe^ORassignment_groupISEMPTY^ORassignment_group!=' + _appEngineGroup);
    }
})(current, previous);

When an end user creates a RITM, and the SCTASK is for the app engine group, he is able to reopen the RITM but the new SC TASK is not created.
We created a custom widget where the end user can reopen the RITM; once the RITM is reopened, a new SCTASK will be created (assignment group is the same as the last closed SCTASK).

If we deactivate BR-2, it works fine.
We need to create an ACL instead of using BR-2.

Widget Script to create new sc_task:

// sys_id (the RITM sys_id) and gr are set elsewhere in the widget; that part is not shown in the post
var lastClosedTask = new GlideRecord('sc_task');
lastClosedTask.addQuery('request_item', sys_id); // sys_id stores the RITM sys_id
lastClosedTask.addQuery('state', 3);
lastClosedTask.orderByDesc('closed_at'); // Get the most recent closed task
lastClosedTask.setLimit(1);
//lastClosedTask.setWorkflow(false);
lastClosedTask.query();
gs.info('-->>No.of SC TASKS available for RITM ' + gr.number + '--->' + lastClosedTask.getRowCount());
if (lastClosedTask.next()) {
    gs.info("-->>last closed SCTASK No : " + lastClosedTask.number);
    var newTask = new GlideRecord('sc_task');
    newTask.initialize();
    newTask.request_item = sys_id; // sys_id stores the RITM sys_id
    newTask.assignment_group = lastClosedTask.assignment_group; // Reuse the last closed task's assignment group
    newTask.short_description = "Ticket is reopened by " + gs.getUserDisplayName();
    newTask.insert();
    gs.info("-->>NEW SCTASK Created : " + newTask.number);
} else {
    // Reached when the query above returns no closed task
    gs.info("-->>Im from line no.78");
    gs.info("-->>No SCTASK is present for RITM :" + gr.number);
}

Please help me with this and provide the steps to write an ACL instead of the 2nd Business Rule, so that if the end user clicks the reopen button a new sc_task will be created.
Now it goes to the else condition due to BR-2.

Thanks,
Sattar
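
One way to express the visibility rules of BR Script 1 and BR Script 2 as the script of an sc_task read ACL, shown as an added example that is not code from any poster in this thread. The names canReadScTask, mockGs and visibleTo, the sample records, and the reading of the DYNAMIC filter as "opened by me" are assumptions; the gs stub is constructed so the logic can be run in Node.js outside an instance.

```javascript
// Added example: read-ACL logic for sc_task mirroring BR Script 1 and BR Script 2.
// In the ACL's script field the call would be: answer = canReadScTask(gs, current);
function canReadScTask(gs, current) {
    if (gs.hasRole('admin')) {
        return true; // same admin exemption as the BR condition
    }
    var appEngineGroup = String(gs.getProperty('app.engine.admins'));
    var taskGroup = String(current.assignment_group);
    // Assumption: the opened_byDYNAMIC... filter in the thread means "opened by me".
    if (String(current.opened_by) === String(gs.getUserID()) || taskGroup === '') {
        return true;
    }
    var isAppEngineTask = taskGroup === appEngineGroup;
    // Members see only their group's tasks; everyone else sees the rest.
    return gs.getUser().isMemberOf(appEngineGroup) ? isAppEngineTask : !isAppEngineTask;
}

// Constructed stand-in for the gs API so the logic can be checked off-instance.
function mockGs(userId, roles, groups) {
    return {
        hasRole: function (r) { return roles.indexOf(r) !== -1; },
        getProperty: function () { return 'grp_app_engine'; }, // constructed sys_id
        getUserID: function () { return userId; },
        getUser: function () {
            return { isMemberOf: function (g) { return groups.indexOf(g) !== -1; } };
        }
    };
}

// Constructed sample tasks (not records from the thread).
var TASKS = {
    appEngine:  { opened_by: 'usr_system',  assignment_group: 'grp_app_engine' },
    network:    { opened_by: 'usr_system',  assignment_group: 'grp_network' },
    unassigned: { opened_by: 'usr_system',  assignment_group: '' },
    ownTask:    { opened_by: 'usr_enduser', assignment_group: 'grp_app_engine' }
};

// Names of the sample tasks the given user would be allowed to read.
function visibleTo(gs) {
    return Object.keys(TASKS).filter(function (k) {
        return canReadScTask(gs, TASKS[k]);
    });
}
```

A plain server-side GlideRecord query, such as the widget's lookup of the last closed task, is filtered by before-query business rules but not by ACLs, which are enforced by GlideRecordSecure and by the UI and API layers.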