I want to restrict users with email address ex- 'abcd.com' .

Rajiv7753Sutar · ‎04-18-2023

restrict users with email "abcd.com" .so that they can only view and have access to incident records where they are either "caller_id" or "u_behalf_of_user".

DUGGI · ‎04-18-2023

@Rajiv7753Sutar

try this

To restrict users with email "abcd.com" so that they can only view and have access to incident records where they are either "caller_id" or "u_behalf_of_user" in ServiceNow, you can use the following steps:

Create a new access control rule (ACR) in ServiceNow. Navigate to 'System Security' > 'Access Control' > 'Create New' and select 'Record' as the Type.
In the ACR form, set the following fields:

Name: Enter a name for the ACR, such as "Restrict users with email abcd.com".
Description: Enter a brief description of the ACR.
Application: Select the application where the ACR will be applied.
Type: Select 'Record' as the type of the ACR.
Table: Select 'Incident' as the table where the ACR will be applied.
Roles: Add the roles that should be restricted by this ACR, such as 'itil' or 'end_user'.
Conditions: Set the following conditions for the ACR:

caller_id.emailNOT LIKE abcd.com^u_behalf_of_user.emailNOT LIKE abcd.com

Save the ACR and test it by logging in as a user with an email address of abcd.com and trying to access incident records.

With these steps, you have successfully restricted the users with email "abcd.com" so that they can only view and have access to incident records where they are either "caller_id" or "u_behalf_of_user" in ServiceNow.

Rajiv7753Sutar · ‎04-18-2023

How can we achieve this through a Before Query business Rule ?

DUGGI · ‎04-18-2023

@Rajiv7753Sutar

In the script section, add the following script:

if (gs.getUser().getValue('email').endsWith('abcd.com')) {
  // restrict query to caller_id or u_behalf_of_user
  var gr = current.addQuery('caller_id', gs.getUserID());
  gr.addOrCondition('u_behalf_of_user', gs.getUserID());
  current.query();
}