I need to write a ACL for read

Chandra18 · ‎03-26-2024

Hi,

I need to write a ACL (Access control list) for giving read access to current logged-in-user if He is manager of any group & Having ITIL role.

Thanks in advanced.

Ankur Bawiskar · ‎03-26-2024

@Chandra18

it's an easy one.

what did you start with and where are you stuck?

you need to use itil role in the Roles field and use script to check if logged in user is manager of someone

var gr = new GlideRecord("sys_user_group");
gr.addQuery("manager", gs.getUserID());
gr.setLimit(1);
gr.query();
answer = gr.hasNext();

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader

Chandra18 · ‎03-27-2024

Hi @Ankur Bawiskar
At the time of update ACL It is showing a error "Read ACLs should not have GlideRecord/GlideAggregate in script"
Steps to resolve issue: Remove the use of GlideRecord and GlideAggregate for a read ACL. Consider another approach that won't have this much of a performance impact.

Please Give another sample script.

Thanks
Chandra

Ankur Bawiskar · ‎03-27-2024

@Chandra18

then move that code to script include and write GlideRecord there.

I hope you will be able to handle this

Please mark my response as correct as I already shared the solution above.

Regards,
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader

Chandra18 · ‎03-27-2024

Hi @Ankur Bawiskar
Could you please guide on this, I am not aware how can we call script include on ACL Or other steps need to take?

Script Include :

var validategrpoupManager = Class.create();
validategrpoupManager.prototype = {

validateManager: function() {
var grp = new GlideRecord("sys_user_grpoup");
grp.addQuery("manager", gs.getUserID());
grp.setLimit(1);
grp.query();
if (grp.hasNext()) {
return true;
}
},

type: 'validategrpoupManager'
};

ACL SCRIPT :
answer = new validateGroupManager().validateManager();