Incident business rule - Only viewable by specific team unless assigned to users group

leebooth
Kilo Expert

Hi All,

I'm still fairly new to ServiceNow, so apologies in advance if I'm missing something obvious.

We created a record producer to output a special type of Incident which will only be viewable by our Cybersecurity team.

A new field was added to incidents 'u_created_by_form', which is populated by the record producer, as an identifier for these types of Incidents.

I created a before query business rule with the following script:

Condition:

!gs.getUser().isMemberOf('Cybersecurity')

Script:

current.addEncodedQuery('u_created_by_form!=F46 - Information Security Incident^ORu_created_by_formISEMPTY');

This worked fine.

If the current user was not a member of Cybersecurity - they would not be able to see "F46 - Information Security Incident" incidents.

I now need to modify this so that a member of the current assignment group can also view. For example, if the Cybersecurity team passed a log to the Admin stack, we would also be able to see the Incident. If it was then assigned back to Cybersecurity - we would lose viewing rights.

This was my initial attempt, but no success.

Condition:

!gs.getUser().isMemberOf('Cybersecurity')

Script:

var currentUserID = gs.getUserID();                       // Get current user ID
var assigned_group = current.assigned_group;              // Get current log assignment group

var groupMember = new GlideRecord('sys_user_grmember');   // Create Glide Record - group member table
groupMember.addQuery('group', assigned_group);            // limit group member table - current assignment group
groupMember.addQuery('user', currentUserID);              // limit group member table (current assignment group) - current user
groupMember.query();                                      // run query: Is current user a member of the current assignment group?

if (groupMember.next()) {
  // User is in the group - don't apply restriction
}
else {
  // Hide "F46 - Information Security Incident" (but show blanks)
  current.addEncodedQuery('u_created_by_form!=F46 - Information Security Incident^ORu_created_by_formISEMPTY');
}

Can this be done via business rule?

I was hoping to avoid having to modify all the Incident read ACLs!

1 ACCEPTED SOLUTION

Jochen Geist
ServiceNow Employee

The "current" object in a Query Business Rule is the query itself, not a GlideRecord.


Therefore "current.assignment_group" does not work, as this field does not exist on the query.



You need to change your current query to another query:


Created by form is not Information Security Incident OR (Created by form is Security AND Assignment Group is one of my groups)



You can build the query via the list view first: https://servicenowgems.com/2015/07/29/tip-for-creating-complex-before-query-business-rules/
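
One way to express the query described in the accepted answer, as an added example that is not part of the thread. Because "A OR (not A AND C)" is the same as "A OR C", the conditions fit in a single OR group. The helper names, the sys_id shape check and the iterator over `getMyGroups()` are assumptions; `u_created_by_form` and the form name come from the original post.

```javascript
// Added example, not code from the thread. Helper names are hypothetical.
var F46 = 'F46 - Information Security Incident';

// Build one OR group: (form != F46) OR (form is empty) OR (group IN my groups).
// A OR (not-A AND C) reduces to A OR C, so no nested query is needed.
function buildF46VisibilityQuery(groupSysIds) {
  var ids = (groupSysIds || []).map(String).filter(function (id) {
    // Keep only sys_id-shaped values so nothing can splice extra
    // operators such as "^OR" into the encoded query.
    return /^[0-9a-f]{32}$/.test(id);
  });
  var query = 'u_created_by_form!=' + F46 + '^ORu_created_by_formISEMPTY';
  if (ids.length > 0) {
    query += '^ORassignment_groupIN' + ids.join(',');
  }
  return query; // with no groups this is the original restriction
}

// Plain-JavaScript model of the same filter, used to check the logic offline.
function isVisible(incident, groupSysIds) {
  var form = incident.u_created_by_form || '';
  if (form !== F46) return true; // ordinary incidents are never hidden
  return (groupSysIds || []).indexOf(incident.assignment_group) !== -1;
}

// Business rule body (runs only inside ServiceNow, where gs and current exist).
// Condition stays: !gs.getUser().isMemberOf('Cybersecurity')
if (typeof gs !== 'undefined' && typeof current !== 'undefined') {
  var myGroups = [];
  // Assumption: getMyGroups() returns a Java collection of group sys_ids.
  var it = gs.getUser().getMyGroups().iterator();
  while (it.hasNext()) {
    myGroups.push(String(it.next()));
  }
  current.addEncodedQuery(buildF46VisibilityQuery(myGroups));
}
```

When the incident is reassigned back to Cybersecurity, the assignment group no longer matches any of the non-member's groups, so the record drops out of their results again.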



12 REPLIES

SanjivMeher
Kilo Patron

A few corrections to your script, on lines 1 and 2.



  1. var currentUserID = gs.getUser().getID();                 // Get current user ID  
  2. var assigned_group = current.assignment_group;       // Get current log assignment group  
  3.  
  4. var groupMember = new GlideRecord('sys_user_grmember');                 // Create Glide Record - group member table  
  5. groupMember.addQuery('group', assigned_group);                                   // limit group member table - current assignment group  
  6. groupMember.addQuery('user', currentUserID);                                       // limit group member table (current assignment group) - current user  
  7. groupMember.query();                                                                 // run query: Is current user a member of the current assignment group?  
  8.  
  9. if(groupMember.next()) {  
  10.   // User is in the group - don't apply restriction  
  11. }  
  12. else {  
  13.   // Hide "F46 - Information Security Incident" (but show blanks)  
  14.   current.addEncodedQuery('u_created_by_form!=F46 - Information Security Incident^ORu_created_by_formISEMPTY');  
  15. }  


Sanjeev,

 

Your solution helped me.  Thank you!!

 

Regards

saprem_d
Giga Guru

Hi,



Yes, this can be done by a business rule. Modify your script as below:



var isMember = gs.getUser().isMemberOf(current.assignment_group.getDisplayValue());
if (isMember) {
  // User is in the group - don't apply restriction
}
else {
  // Hide "F46 - Information Security Incident" (but show blanks)
  current.addEncodedQuery('u_created_by_form!=F46 - Information Security Incident^ORu_created_by_formISEMPTY');
}

vinothkumar
Tera Guru

Hi Lee,



Checking whether the current user is a member of the current assignment group is simple. Simply add the code below and it will work.

var assignmentGrp = current.assignment_group.getDisplayValue();
var grpMember = gs.getUser().isMemberOf(assignmentGrp);
var userId = gs.getUserID();
if (grpMember) // Check if the current user is a member of the group
{
  answer = 'true';
}