I want to restrict the permissions to see certain records in the catalog task table.

M_Tomy
Tera Expert

I am a novice developer.
Please help me with the following question.

 

I created an application A with catalog items.
After I created it, I noticed that the items in Application A contain items with a high level of confidentiality.

So I would like to restrict the access rights of the records related to Application A in the Catalog Task Table.
Is it possible to make it so that only the system administrator and the staff members who belong to the group that is set as the group to which application A is assigned cannot see the corresponding record?

However, I would like to make the records in the catalog task table other than Application A available to other people in the group in charge who have ITIL roles.
Please let me know if there are any articles that would be helpful.

By the way, the version is Tokyo.

 

Best regards.

1 ACCEPTED SOLUTION

Luke Van Epen
Tera Guru

If you can get away with it, try to use Variable Visibility on the Permission tab of the Variable to accomplish this instead of ACLs on the table. Using ACLs in this way is likely to cause issues for you. You can use variable visibility to ensure that only people with certain roles can read the variables entered by the user. You can also add new variables specifically for the fulfiller team to enter further confidential information if needed (as opposed to work notes). Simply hide these extra variables on the catalog form in the portal with UI policies. 

 

More info on how this works is explained near the bottom of this docs page https://docs.servicenow.com/bundle/tokyo-servicenow-platform/page/product/service-catalog-management... 

 

 

If you must restrict the entire record, make sure you read and understand the complexities of Access Controls before attempting to write a new control.

https://docs.servicenow.com/bundle/tokyo-platform-security/page/administer/contextual-security/conce... 

You will need to write a scripted ACL on the catalog task table to accomplish the type of restriction you are asking for.

An example might look like:

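// ACL script: set "answer" to true to grant access to the record, false to deny it.
// Grants access to admins and to members of the task's assignment group.
if (gs.hasRole("admin") || gs.getUser().isMemberOf(current.getValue("assignment_group"))) {
  answer = true;
} else {
  answer = false;
}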

 

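The record-level decision the question asks for, worked through as an added example that is not part of the original thread or ServiceNow's own code. It goes one step beyond the script above by restricting only Application A's tasks and by modelling, in simplified form, how several read ACLs on one table combine. `APP_A_ITEMS`, the `request_item.cat_item` lookup, `broadItilAcl`, `fakeGs` and `fakeTask` are assumptions; the last two are small stand-ins for `gs` and `current` so the logic runs outside an instance.

```javascript
// Constructed placeholder: sys_ids of Application A's catalog items.
const APP_A_ITEMS = ["app_a_item_sys_id"];

// Read decision for one sc_task record. Assumes the catalog item is reached
// by dot-walking request_item.cat_item from the task.
function canReadTask(gs, current) {
  if (gs.hasRole("admin")) return true;
  const inGroup = gs.getUser().isMemberOf(current.getValue("assignment_group"));
  const isAppA = APP_A_ITEMS.includes(String(current.request_item.cat_item));
  // Application A tasks: assignment-group members only; other tasks: any itil user.
  return isAppA ? inGroup : gs.hasRole("itil");
}

// Simplified model of table-level evaluation: a user who passes any one
// matching read ACL gets access, so the rules are effectively OR-ed together.
function readAllowed(acls, gs, current) {
  return acls.some((acl) => acl(gs, current));
}

// Stand-in for a broader read ACL that admits every itil user (assumed).
const broadItilAcl = (gs) => gs.hasRole("itil");

// Minimal stand-ins for gs and current, for running off-instance.
function fakeGs(roles, groups) {
  return {
    hasRole: (r) => roles.includes("admin") || roles.includes(r),
    getUser: () => ({ isMemberOf: (g) => groups.includes(g) }),
  };
}
function fakeTask(group, catItem) {
  return {
    getValue: (f) => (f === "assignment_group" ? group : null),
    request_item: { cat_item: catItem },
  };
}

// Constructed sample users and records.
const member = fakeGs(["itil"], ["group_a"]);
const outsider = fakeGs(["itil"], ["group_b"]);
const appATask = fakeTask("group_a", "app_a_item_sys_id");
const otherTask = fakeTask("group_a", "other_item_sys_id");

console.log("member, App A task:", canReadTask(member, appATask));
console.log("outsider, App A task:", canReadTask(outsider, appATask));
console.log("outsider, other task:", canReadTask(outsider, otherTask));
console.log("outsider, App A task, broad ACL still active:",
  readAllowed([broadItilAcl, canReadTask], outsider, appATask));
```

In an ACL script the body would reduce to `answer = canReadTask(gs, current);`. The last printed line shows why such a rule has no effect while a broader read ACL on the same table still passes the user.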

5 REPLIES


Mr. Luke Van Epen

 

Thank you for your response.
I will try with the information you provided.

We are currently busy with other tasks.
It may take some time for us to report the result.
I will report back in this chat once the problem is solved.

Thank you for your continued support.

I have forgotten to reply to your message.
Please forgive me.
I was able to do it by following the procedure you taught me.
Thanks for the one year delay.

Saurav11
Kilo Patron

Hello,

 

Is Application A a group of variables that you want to restrict, or is it fields on the catalog task form? Can you paste some screenshots? It would be easier to assist you.

 

Thanks.