How to show Network group and network category incidents if the Network group user logged in

Avee678
Tera Contributor

Hello All, 

   I have a requirement: if any user from Network assignment opens the incident list, then only incidents under the Network category and incidents assigned to the Network group should be shown to them. Can someone help me write an ACL with a script to achieve this?

Thanks in Advance!

2 ACCEPTED SOLUTIONS

Ct111
Giga Sage


Three approaches possible

1. ACL

incident table , read operation

condition : gs.hasRole('itil')

Script :
var isNetworkUser = gs.getUser().isMemberOf('Network');
if (!isNetworkUser) {
    // If not in Network group, allow normal ACL to apply
    answer = true;
} else {
    // For Network group, allow only records matching the category or the assignment group
    // (if/else is used because an ACL script cannot use a top-level return)
    answer = current.category == 'Network' || current.assignment_group.name == 'Network';
}

 

2. before Query business rule on incident table

table : incident , when : before


if (gs.getUser().isMemberOf('Network')) {
    // category = Network OR assignment group = Network
    var qc = current.addQuery('category', 'Network');
    qc.addOrCondition('assignment_group.name', 'Network');
}


3. Use separate view or module

Create a separate Incident list module under the application menu called “My Network Incidents.”
Add a fixed filter:

category=Network^ORassignment_group.name=Network

 

If this is a strict security requirement (users must never see other incidents, even via API): use Option 1 (ACL) in combination with Option 2 (Query BR) for performance.

If it’s just a UI convenience (they can still search for others if needed): use Option 3 with a filtered module.


Try something like below:

 


if (gs.getUser().isMemberOf('Network')) {
    // Main condition for category
    var mainQuery = current.addQuery('category', 'Network');

    // Create a nested OR condition for assignment group
    var orCond = current.addQuery('assignment_group.name', 'Network');
    orCond.addOrCondition('assignment_group.name', 'Cloud');

    // Now mainQuery AND (orCond)
    // ServiceNow GlideRecord automatically ANDs separate addQuery() calls
}


7 REPLIES

Ankur Bawiskar
Tera Patron

@Avee678 

You can use a query business rule for this in combination with a Table.None READ ACL.

What did you start with and where are you stuck?

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader

Hello Ankur,

   Thanks for the response. I'm using a Table.none ACL and the script below, but I'm not able to get anything.

var network = new GlideRecord('sys_user_grmember');
network.addQuery('user', gs.getUserID());
network.addQuery('group.name', 'Network');
network.query();

if (!network.hasNext()) {
    answer = true;
} else {
    answer = (current.category == 'network');
}

Rafael Batistot
Tera Sage

Hi @Avee678 

 

Could you try these steps:

 

Create a new ACL

  • Go to System Security → Access Control (ACL).
  • Click New.
  • Configure:
    • Type: record
    • Operation: read
    • Table: Incident (incident)
    • Advanced: check this to add a script.

(function() {
    // Check if user is in the 'Network' assignment group
    var networkGroupSysId = 'ENTER_NETWORK_GROUP_SYS_ID_HERE'; // Replace with your Network Group sys_id
    var networkCategory = 'network'; // Replace with your actual Network category value

    // Check if the incident category is 'Network' AND assigned to Network group
    if ((current.category == networkCategory) && (current.assignment_group == networkGroupSysId)) {
        return true; // Allow access
    }

    // Optional: allow admins to see all
    if (gs.hasRole('admin')) {
        return true;
    }

    return false; // Deny access otherwise
})();

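An added example, not part of any post in this thread: a plain-JavaScript model (no ServiceNow APIs) that audits a row-level read rule against a visibility matrix for the requirement in the question, comparing the OR logic with an AND variant and a category-only variant. The group name, category value, incident numbers and users are constructed assumptions; substitute the values stored in your instance.

```javascript
// Added example: a plain-JavaScript model of the row-level rule, not ServiceNow API code.
// Group name and category value are assumptions; use the values stored in your instance.
const GROUP = 'Network';
const CATEGORY = 'Network';

// OR logic: non-members fall through; members need category OR group to match.
const ruleOr = (user, inc) =>
  !user.groups.includes(GROUP) ||
  inc.category === CATEGORY || inc.assignment_group === GROUP;

// Variant that requires both conditions, for comparison.
const ruleAnd = (user, inc) =>
  !user.groups.includes(GROUP) ||
  (inc.category === CATEGORY && inc.assignment_group === GROUP);

// Variant that checks only category, against a differently cased value.
const ruleCategoryOnly = (user, inc) =>
  !user.groups.includes(GROUP) || inc.category === 'network';

// Constructed incidents covering every category/group combination,
// with the visibility the requirement expects for a Network member.
const incidents = [
  { number: 'INC0001', category: 'Network',  assignment_group: 'Network',  expect: true },
  { number: 'INC0002', category: 'Network',  assignment_group: 'Database', expect: true },
  { number: 'INC0003', category: 'Hardware', assignment_group: 'Network',  expect: true },
  { number: 'INC0004', category: 'Hardware', assignment_group: 'Database', expect: false },
];

// Return the incidents where a rule disagrees with the expected visibility.
function audit(rule, user, rows) {
  return rows
    .filter((inc) => rule(user, inc) !== inc.expect)
    .map((inc) => `${inc.number}: ${rule(user, inc) ? 'exposed' : 'hidden'}`);
}

// Constructed users: one Network member, one non-member.
const networkUser = { name: 'net.user', groups: ['Network'] };
const otherUser = { name: 'db.user', groups: ['Database'] };

console.log('OR rule:', audit(ruleOr, networkUser, incidents));
console.log('AND rule:', audit(ruleAnd, networkUser, incidents));
console.log('category-only rule:', audit(ruleCategoryOnly, networkUser, incidents));
```

An empty list means the rule matches the requirement for that user; each listed incident is one the rule would wrongly hide or expose.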