Is it possible to make particular roles from the Roles table only accessible to particular group

Megha_pB
Mega Contributor

8 hours ago

Hi,

Is it possible to hide a particular role(example Role A) from role table for all users including admins. It should only be visible if the logged in user belongs to XYZ group.

I am trying thru ACL's but something is missing and the ACL is locking the whole roles table from users who are not part of the group. I only want the role (Role A) to be hidden from the list .

0 Helpfuls
  • 150 Views
3 REPLIES 3

Its_Azar
Kilo Sage

8 hours ago

Hi there @Megha_pB

 

For this usecase i think ACL is not a good choice, u can go with a Before Query Business Rule on sys_user_role that filters out that role unless the user belongs to the required group.

 

(function executeRule(current, previous) {

  var ROLE_TO_HIDE = 'role_a'; // name of Role A
  var GROUP_ALLOWED = 'XYZ';   // name of the group

  // Allow users in XYZ group to see everything
  if (gs.getUser().isMemberOf(GROUP_ALLOWED)) {
    return;
  }

  // Hide only Role A for everyone else (including admins)
  current.addQuery('name', '!=', ROLE_TO_HIDE);

})();

 

here

 

Users not in XYZ → Role A is invisible

Users in XYZ → Role A is visible

Other roles → Not affected

Hope i got your use case right. 

 

☑️ If this helped, please mark it as Helpful or Accept Solution so others can find the answer too.

Kind Regards,
Azar
Serivenow Rising Star
Developer @ KPMG.
0 Helpfuls

Megha_pB
Mega Contributor
In response to Its_Azar

8 hours ago

Hi Azar,

Thank you for your response.

Can this also restrict admins? 

Can this also restrict someone to assign the role through flow designer or scripts?

 

Kind Regards,

Megha.

0 Helpfuls

Its_Azar
Kilo Sage
In response to Megha_pB

7 hours ago

Hi @Megha_pB 

 

1) Restricting admins
Yes, the Before Query BR  will also restrict admins, unless you explicitly allow them. In the script I shared, admins are restricted as well unless they belong to the XYZ group.

2) Restricting role assignment via Flow Designer or scripts
No — a Before Query BR only affects UI visibility (lists and reference lookups). It does not prevent role assignment via flows, background scripts, or APIs.

if its needed.  Create ACL on sys_user_has_role that blocks assignment of Role A unless the user belongs to XYZ.

☑️ If this helped, please mark it as Helpful or Accept Solution so others can find the answer too.

Kind Regards,
Azar
Serivenow Rising Star
Developer @ KPMG.
0 Helpfuls