How to show Network group and network category incidents if the Network group user logged in

Avee678 · 3 weeks ago

Hello All,

I've a requirement, If any user from Network assignment opens incident list then incident under Network category and incidents assigned to Network group should only show to them. Can someone assist me to write an ACL with Script to achieve this?

Thanks in Advance!

Ct111 · 3 weeks ago

Three approaches possible

1. ACL

incident table , read operation

condition : gs.hasRole('itil')

Script :
var isNetworkUser = gs.getUser().isMemberOf('Network');
if (!isNetworkUser) {
// If not in Network group, allow normal ACL to apply
answer = true;
return;
}

// For Network group, filter query
var match = current.category == 'Network' || current.assignment_group.name == 'Network';
answer = match;

2. before Query business rule on incident table

table : incident , when : before

if (gs.getUser().isMemberOf('Network')) {
var qc = current.addQuery('category', 'Network');
qc.addOrCondition('assignment_group.name', 'Network');
}

3. USe separate view or module

Create a separate Incident list module under the application menu called “My Network Incidents.”
Add a fixed filter:

category=Network^ORassignment_group.name=Network

If this is a strict security requirement (users must never see other incidents, even via API): use Option 1 (ACL)
in combination with Option 2 (Query BR) for performance.

If it’s just a UI convenience (they can still search for others if needed): use Option 3 with a filtered module.

View solution in original post

Ct111 · 3 weeks ago

try something like below

if (gs.getUser().isMemberOf('Network')) {
// Main condition for category
var mainQuery = current.addQuery('category', 'Network');

// Create a nested OR condition for assignment group
var orCond = current.addQuery('assignment_group.name', 'Network');
orCond.addOrCondition('assignment_group.name', 'Cloud');

// Now mainQuery AND (orCond)
// ServiceNow GlideRecord automatically ANDs separate addQuery() calls
}

View solution in original post

Ankur Bawiskar · 3 weeks ago

@Avee678

you can use query business rule for this in combination of Table.None READ ACL

what did you start and where are you stuck?

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader

Avee678 · 3 weeks ago

Hello Ankur,

Thanks for the responce. I'm using Table.none ACL and below script but not able to get anything

var network = new GlideRecord('sys_user_grmember');
network .addQuery('user', gs.getUserID());
network .addQuery('group.name', 'Network');
network .query();

if (!network .hasNext()) {
answer = true;
} else {
answer = (current.category == 'network');
}

Rafael Batistot · 3 weeks ago

Hi @Avee678

May you try these steps

Create a new ACL

Go to System Security → Access Control (ACL).
Click New.
Configure:

Type: record
Operation: read
Table: Incident (incident)
Advanced: check this to add a script.

(function() {
// Check if user is in the 'Network' assignment group
var networkGroupSysId = 'ENTER_NETWORK_GROUP_SYS_ID_HERE'; // Replace with your Network Group sys_id
var networkCategory = 'network'; // Replace with your actual Network category value

// Check if the incident category is 'Network' AND assigned to Network group
if ((current.category == networkCategory) && (current.assignment_group == networkGroupSysId)) {
return true; // Allow access
}

// Optional: allow admins to see all
if (gs.hasRole('admin')) {
return true;
}

return false; // Deny access otherwise
})();

Ct111 · 3 weeks ago