Incident Priority high tickets can be created only by a particular group

pravee26 · ‎03-30-2017

Creating new Incident tickets with high priority can be done only by 'service Desk' group members.If any other support group members attempt to create priority high incident tickets then pop up should be displayed stating 'you dont have access to create this ticket' and ticket should not be created. How to achieve this? I wrote this ACL

Ankur Bawiskar · ‎03-31-2017

Hi Praveena,

Were you able to achieve your requirement? If yes then please mark the answer as correct so that others having similar question in the future can quickly find it and the question is removed from Unanswered list.

Regards

Ankur

Regards,
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader

HugoFirst · ‎10-11-2017

Hello Praveena,

Seeing that you have yet to mark this question answered, I thought I'd offer up yet another idea. We have a similar requirement and we solved it this way:

1. We created a role :hi_priority_incident_opener. Assign this role to anyone who can open a high priority incident.

2. We then created a business rule on the incident table which runs on insert and update.

the script itself is:

------------------ BEGINNING OF CODE------------------

// name: Restrict p1
// Condition: current.priority.changesTo(1) || current.priority.changesTo(2)
// When to run: Insert - Update

checkuserrole();

function checkuserrole()
{
     if(!gs.hasRole('hi_priority_incident_opener')){
               gs.addErrorMessage("Sorry, you are not permitted to open a P1 or P2 incident.");
               current.setAbortAction(true);
       }
       else
       {
               return;
       }
}


---------------- END OF CODE -----------------

dianeled · ‎10-11-2017

Hi Steve, thanks, I tried your suggestion. Now I can limit P1 incidents and get the error message, but I want it limited to users

that have the role I created named limited_priority. Here is my business rule. Do you know what's wrong with it? It's as though

the checkuserrole function is not working. Thank you!

// name: Restrict p1

// Condition: current.priority.changesTo(1) || current.priority.changesTo(2)

// When to run: Insert - Update

checkuserrole();

function checkuserrole()

{

if(gs.hasRole('limited_priority')){

gs.addErrorMessage("Sorry, you are not permitted to open a P1 or P2 incident.");

current.setAbortAction(true);

}

else

{

return;

}

HugoFirst · ‎10-12-2017

Just for grins, in your development environment, try an OOB role, like itil or catalog and see what happens.

If it works, then we can safely say that gs.hasRole is working OK. Then I would focus on the "limited_priority" role.

Can you give us a screen image of the role's entry which shows the tab for Users?

dianeled · ‎10-16-2017

Thanks Steve, this did work! I was doing it backwards and saying if user had role, restrict. Then when I was testing with the Admin user I was restricted. When I switched the BR to say if user does not have role, restrict, then it worked! Thanks for your help. I tried to mark it as the right answer but I'm not seeing that option, so I did Helpful.