10-05-2022 06:29 PM
I am a novice developer.
Please help me with the following question.
I created an application A with catalog items.
After I created it, I noticed that the items in Application A contain items with a high level of confidentiality.
So I would like to restrict the access rights of the records related to Application A in the Catalog Task Table.
Is it possible to make it so that only the system administrator and the staff members who belong to the group that is set as the group to which application A is assigned cannot see the corresponding record?
However, I would like to make the records in the catalog task table other than Application A available to other people in the group in charge who have ITIL roles.
Please let me know if there are any articles that would be helpful.
By the way, the version is Tokyo.
Best regards.

10-05-2022 08:00 PM
If you can get away with it, try to use Variable Visibility on the Permission tab of the Variable to accomplish this instead of ACLs on the table. Using ACLs in this way is likely to cause issues for you. You can use variable visibility to ensure that only people with certain roles can read the variables entered by the user. You can also add new variables specifically for the fulfiller team to enter further confidential information if needed (as opposed to work notes). Simply hide these extra variables on the catalog form in the portal with UI policies.
More info on how this works is explained near the bottom of this docs page https://docs.servicenow.com/bundle/tokyo-servicenow-platform/page/product/service-catalog-management...
If you must restrict the entire record, make sure you read and understand the complexities of Access Controls before attempting to write a new control.
You will need to write a scripted ACL on the catalog task table to accomplish the type of restriction you are asking for.
An example might look like:
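// Scripted ACL condition: allow admins and members of the task's assignment group.
// An ACL script reports its result through the answer variable.
if (gs.hasRole("admin") || gs.getUser().isMemberOf(current.getValue("assignment_group"))) {
    answer = true;
} else {
    answer = false;
}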
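The rule asked for in the question (restrict only Application A's catalog tasks, leave other tasks readable with the ITIL role), written as a testable function; this is an added example, not part of the original posts and not ServiceNow's own code. It assumes the catalog item is reached through `current.request_item.cat_item`; the sys_id, group names and the `mockGs`/`mockTask` stand-ins are constructed placeholders.

```javascript
// Constructed placeholder: replace with the sys_id of the confidential catalog item.
const CONFIDENTIAL_ITEM = "PLACEHOLDER_SYS_ID_OF_APPLICATION_A";

// Decision logic for a read ACL on catalog tasks. Takes gs/current as
// parameters so it can be exercised with stand-ins outside an instance.
function evaluateCatalogTaskRead(gs, current) {
  if (gs.hasRole("admin")) return true;
  var group = current.getValue("assignment_group");
  var catItem = String(current.request_item.cat_item);
  if (catItem === CONFIDENTIAL_ITEM) {
    // Confidential item: assignment group members only. An empty group
    // must match nobody, so unassigned confidential tasks stay hidden.
    return Boolean(group) && gs.getUser().isMemberOf(group);
  }
  // Every other catalog task keeps the usual fulfiller access.
  return gs.hasRole("itil");
}

// Hypothetical stand-ins for gs and current (constructed for this example).
function mockGs(roles, groups) {
  return {
    // Mirrors the platform behaviour that admin satisfies any role check.
    hasRole: function (r) { return roles.includes(r) || roles.includes("admin"); },
    getUser: function () {
      return { isMemberOf: function (g) { return groups.includes(g); } };
    }
  };
}
function mockTask(catItem, group) {
  return {
    request_item: { cat_item: catItem },
    getValue: function (f) { return f === "assignment_group" ? group : null; }
  };
}

// Constructed sample data: two ITIL users in different groups and an admin.
const confidential = mockTask(CONFIDENTIAL_ITEM, "group_a");
const ordinary = mockTask("other_item_sys_id", "group_b");
const memberA = mockGs(["itil"], ["group_a"]);
const outsider = mockGs(["itil"], ["group_b"]);
const admin = mockGs(["admin"], []);

console.log("member of group_a, confidential task:", evaluateCatalogTaskRead(memberA, confidential));
console.log("other ITIL user, confidential task:", evaluateCatalogTaskRead(outsider, confidential));
console.log("member of group_a, ordinary task:", evaluateCatalogTaskRead(memberA, ordinary));
console.log("admin, confidential task:", evaluateCatalogTaskRead(admin, confidential));
```

In the ACL script field the function body would run with the real `gs` and `current` and its result assigned to `answer`. Any other read ACL on the catalog task table that grants the ITIL role still lets a user through, because matching rules for the same table and operation are alternatives.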
10-11-2022 12:07 AM