I getting issue that ITIL user able to edit the other user details as he have ITIL roles ,Can anyone help me that how I restrict this

Rajababu
Giga Guru

‎07-19-2016 11:25 PM

Hi,

I got some issue ,That   ITIL user can edit or modify the details other ITIL user that breaches some security or its not desired as per requirement .

So how I able to restrict the ITIL user can edit only his details like on incident ticket he will able to edit only his ticket details if ticket assigned to other then only

then only whom to assigned or group they were able to to.

So any one can suggest on above.

Thanks,

Gaurav Rai

ctomasi Michael.Frysnowdevbtruong@ethosgroup.compradeepksharmasurendarmramireddylarstangerob.phillips

0 Helpfuls
  • 2,109 Views
14 REPLIES 14

paramveer
Mega Guru

‎07-20-2016 02:14 AM

if (gs.getUser().isMemberOf(current.assignment_group) || (current.assigned_to == gs.getUseID()) || current.requester =- gs.getUseID()))         {


answer = true;


}


else {


answer = false;


}



Above code will take care of your query.


0 Helpfuls

Rajababu
Giga Guru

‎07-20-2016 03:49 AM

Hi ,



Still I am able to edit some fields by other itil user s.



find_real_file.png



You can see Impact,Short description and Caller.Able to edit .


If we create again for every field ACL or some other way like any script or therway to do.



Thanks,


Gaurav Rai


ctomasiMichael.Fry


Preview file
218 KB
0 Helpfuls

Chuck Tomasi
Tera Patron
In response to Rajababu

‎07-20-2016 03:55 AM

The safest way to allow edit permission on those fields you want is to create an ACL to allow write access to each of them individually based on role or condition (or script.)



Using Access Control Rules - ServiceNow Wiki


0 Helpfuls

Rajababu
Giga Guru
In response to Chuck Tomasi

‎07-20-2016 04:59 AM

Hi Chuck,



If there is already ACL defined for other purpose then how I can crack down that conflict.



Thanks,


Gaurav Rai


0 Helpfuls

Chuck Tomasi
Tera Patron
In response to Rajababu

‎07-20-2016 05:20 AM

Refer to section 8 here to help debug what is being used and what is not.



Using Access Control Rules - ServiceNow Wiki


0 Helpfuls