Incident business rule - Only viewable by specific team unless assigned to users group

leebooth
Kilo Expert

Hi All,

I'm still fairly new to ServiceNow, so apologies in advance if I'm missing something obvious.

We created a record producer to output a special type of Incident which will only be viewable by our Cybersecurity team.

A new field was added to incidents 'u_created_by_form', which is populated by the record producer, as an identifier for these types of Incidents.

I created a before query business rule with the following script:

Condition:

!gs.getUser().isMemberOf('Cybersecurity')

Script:

current.addEncodedQuery('u_created_by_form!=F46 - Information Security Incident^ORu_created_by_formISEMPTY');

This worked fine.

If the current user was not a member of Cybersecurity - they would not be able to see "F46 - Information Security Incident" incidents.

I now need to modify this so that a member of the current assignment group can also view. For example, if the Cybersecurity team passed a log to the Admin stack, we would also be able to see the Incident. If it was then assigned back to Cybersecurity - we would lose viewing rights.

This was my initial attempt, but no success.

Condition:

!gs.getUser().isMemberOf('Cybersecurity')

Script:

var currentUserID = gs.getUserID();                       // Get current user ID
var assigned_group = current.assigned_group;              // Get current log assignment group
var groupMember = new GlideRecord('sys_user_grmember');   // Create Glide Record - group member table
groupMember.addQuery('group', assigned_group);            // limit group member table - current assignment group
groupMember.addQuery('user', currentUserID);              // limit group member table (current assignment group) - current user
groupMember.query();                                      // run query: Is current user a member of the current assignment group?

if (groupMember.next()) {
  // User is in the group - don't apply restriction
}
else {
  // Hide "F46 - Information Security Incident" (but show blanks)
  current.addEncodedQuery('u_created_by_form!=F46 - Information Security Incident^ORu_created_by_formISEMPTY');
}

Can this be done via business rule?

I was hoping to avoid having to modify all the Incident read ACLs!

1 ACCEPTED SOLUTION

Jochen Geist
ServiceNow Employee

The "current" object in a Query Business Rule is the query itself, not a GlideRecord.


Therefore "current.assignment_group" does not work as this field does not exist on the query.



You need to change your current query to another query:


Created by form is not Information Security Incident OR (Created by form is Security AND Assignment Group is one of my groups)



You can build the query via the list view first: https://servicenowgems.com/2015/07/29/tip-for-creating-complex-before-query-business-rules/
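
The query shape described in this answer, as an added example that is not part of the original thread: "not F46 OR (F46 AND group is mine)" is logically the same as "not F46 OR group is mine", so one `^OR` chain is enough. The helper names, the group ids `grp_admin` and `grp_cyber`, and the sample incidents are constructed; `matches` is only an offline model of the filter and assumes `!=` does not match empty values.

```javascript
// Added example; field and form names come from the post, group ids are constructed.
var FORM = 'F46 - Information Security Incident';

// sys_ids of the groups a user belongs to, read from sys_user_grmember.
function getGroupIds(userId, GlideRecordCtor) {
  var ids = [];
  var gm = new GlideRecordCtor('sys_user_grmember');
  gm.addQuery('user', userId);
  gm.query();
  while (gm.next()) ids.push(gm.getValue('group'));
  return ids;
}

// "not F46 OR (F46 AND group is mine)" reduces to "not F46 OR group is mine".
// ISEMPTY is kept from the post's query so blank values still match.
function buildRestriction(groupIds) {
  var q = 'u_created_by_form!=' + FORM + '^ORu_created_by_formISEMPTY';
  if (groupIds.length) q += '^ORassignment_groupIN' + groupIds.join(',');
  return q;
}

// Rule body with the platform objects passed in (gs, GlideRecord on an instance).
function applyRule(current, gs, GlideRecordCtor) {
  if (gs.getUser().isMemberOf('Cybersecurity')) return;
  var groups = getGroupIds(gs.getUserID(), GlideRecordCtor);
  current.addEncodedQuery(buildRestriction(groups));
}

// Offline model of a ^OR chain (assumption: != does not match empty values).
function matches(rec, encoded) {
  return encoded.split('^OR').some(function (term) {
    var m;
    if ((m = /^(\w+)ISEMPTY$/.exec(term))) return !rec[m[1]];
    if ((m = /^(\w+)!=(.*)$/.exec(term))) return !!rec[m[1]] && rec[m[1]] !== m[2];
    if ((m = /^(\w+?)IN(.*)$/.exec(term))) return m[2].split(',').indexOf(rec[m[1]]) !== -1;
    throw new Error('unsupported term: ' + term);
  });
}

// Constructed incidents: ordinary, F46 held by Cybersecurity, F46 passed to Admin.
var SAMPLE = [
  { number: 'INC1', u_created_by_form: '', assignment_group: 'grp_admin' },
  { number: 'INC2', u_created_by_form: FORM, assignment_group: 'grp_cyber' },
  { number: 'INC3', u_created_by_form: FORM, assignment_group: 'grp_admin' }
];
function visibleTo(groupIds) {
  return SAMPLE.filter(function (r) { return matches(r, buildRestriction(groupIds)); })
    .map(function (r) { return r.number; });
}
```

With these sample rows, a member of `grp_admin` sees INC1 and INC3, and loses INC3 again once its assignment group changes back.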



12 REPLIES

Of course! This makes so much sense now you've said it.



I did try going down this route originally with my encoded query but there was no option for Assignment group - is NOT(dynamic) - One of my groups.


It was a long day and I just couldn't get the logic right! Got it working now.



Thanks for your help everyone, I've learned a little bit from each of you. Much appreciated.


Lee, could I ask your assistance setting up something similar?


Go ahead, I'll help if I can.


Basically I am trying to do what you have done. I need to make forms that ONLY a select group can view/access, i.e. HR. I am still earning my wings so I do not know where to start.