3 weeks ago
Hello All,
I have a requirement: if any user from the Network assignment group opens the incident list, then only incidents under the Network category and incidents assigned to the Network group should be shown to them. Can someone assist me in writing an ACL with a script to achieve this?
Thanks in Advance!
3 weeks ago
Three approaches possible
1. ACL
Incident table, read operation
Condition: gs.hasRole('itil')
Script:
    var isNetworkUser = gs.getUser().isMemberOf('Network');
    if (!isNetworkUser) {
        // If not in Network group, allow normal ACL to apply
        answer = true;
    } else {
        // For Network group, allow only Network-category or Network-assigned incidents
        answer = current.category == 'Network' || current.assignment_group.name == 'Network';
    }
2. Before query business rule on the incident table
Table: incident, When: before
    if (gs.getUser().isMemberOf('Network')) {
        var qc = current.addQuery('category', 'Network');
        qc.addOrCondition('assignment_group.name', 'Network');
    }
3. Use a separate view or module
Create a separate Incident list module under the application menu called “My Network Incidents.”
Add a fixed filter:
    category=Network^ORassignment_group.name=Network
If this is a strict security requirement (users must never see other incidents, even via API): use Option 1 (ACL) in combination with Option 2 (Query BR) for performance.
If it’s just a UI convenience (they can still search for others if needed): use Option 3 with a filtered module.
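The row-level rule from option 1 and the fixed filter from option 3, checked against each other on constructed records. This is an added example, not part of the original reply: it is plain JavaScript that runs in Node, and `aclAllows`, `matchesEncoded`, `visible` and the sample incidents are hypothetical stand-ins, not ServiceNow APIs.

```javascript
// Added example: runs in Node without a ServiceNow instance.
// All records, users and helper names below are constructed for illustration.

// Constructed sample incidents (assignment_group is dot-walked as in the thread).
const incidents = [
  { number: 'INC001', category: 'Network',  assignment_group: { name: 'Network' } },
  { number: 'INC002', category: 'Network',  assignment_group: { name: 'Service Desk' } },
  { number: 'INC003', category: 'Hardware', assignment_group: { name: 'Network' } },
  { number: 'INC004', category: 'Hardware', assignment_group: { name: 'Service Desk' } },
];

// Row-level rule of the ACL script: non-members fall through, members are restricted.
function aclAllows(userGroups, inc) {
  if (!userGroups.includes('Network')) return true;
  return inc.category === 'Network' || inc.assignment_group.name === 'Network';
}

// Resolve a dot-walked field such as "assignment_group.name".
function field(rec, path) {
  return path.split('.').reduce((v, k) => (v == null ? undefined : v[k]), rec);
}

// Minimal encoded-query matcher: supports only "=", "^" (AND) and "^OR".
// "^OR" attaches to the condition before it, so a^b^ORc means a AND (b OR c).
function matchesEncoded(query, rec) {
  return query.split(/\^(?!OR)/).every(group =>
    group.split('^OR').some(term => {
      const i = term.indexOf('=');
      return String(field(rec, term.slice(0, i))) === term.slice(i + 1);
    })
  );
}

// Numbers of the incidents a predicate lets through.
function visible(pred) {
  return incidents.filter(pred).map(r => r.number);
}

const FILTER = 'category=Network^ORassignment_group.name=Network';
const member = ['Network'];          // constructed user in the Network group
const nonMember = ['Service Desk'];  // constructed user outside it

console.log('ACL, member     :', visible(r => aclAllows(member, r)));
console.log('ACL, non-member :', visible(r => aclAllows(nonMember, r)));
console.log('query filter    :', visible(r => matchesEncoded(FILTER, r)));
```

The ACL decides what a Network member may read and the query filter decides what the list asks for, so the two sets should be identical; replacing `^OR` with `^` in the filter narrows it to incidents that satisfy both conditions.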
3 weeks ago
Try something like below
    if (gs.getUser().isMemberOf('Network')) {
        // Main condition for category
        var mainQuery = current.addQuery('category', 'Network');
        // Create a nested OR condition for assignment group
        var orCond = current.addQuery('assignment_group.name', 'Network');
        orCond.addOrCondition('assignment_group.name', 'Cloud');
        // Now mainQuery AND (orCond)
        // ServiceNow GlideRecord automatically ANDs separate addQuery() calls
    }
3 weeks ago
You can use a query business rule for this in combination with a Table.None READ ACL.
What did you start with and where are you stuck?
Ankur
3 weeks ago
Hello Ankur,
Thanks for the response. I'm using a Table.none ACL and the script below, but I'm not able to get anything
    var network = new GlideRecord('sys_user_grmember');
    network.addQuery('user', gs.getUserID());
    network.addQuery('group.name', 'Network');
    network.query();
    if (!network.hasNext()) {
        answer = true;
    } else {
        answer = (current.category == 'network');
    }
3 weeks ago
Hi @Avee678
You may try these steps
Create a new ACL
- Go to System Security → Access Control (ACL).
- Click New.
- Configure:
  - Type: record
  - Operation: read
  - Table: Incident (incident)
  - Advanced: check this to add a script.

    (function() {
        // Network group and category values used in the check below
        var networkGroupSysId = 'ENTER_NETWORK_GROUP_SYS_ID_HERE'; // Replace with your Network Group sys_id
        var networkCategory = 'network'; // Replace with your actual Network category value
        // Check if the incident category is 'Network' AND assigned to Network group
        if ((current.category == networkCategory) && (current.assignment_group == networkGroupSysId)) {
            return true; // Allow access
        }
        // Optional: allow admins to see all
        if (gs.hasRole('admin')) {
            return true;
        }
        return false; // Deny access otherwise
    })();