Is it possible to make particular roles from the Roles table only accessible to a particular group?

Megha_pB
Tera Contributor

Hi,

Is it possible to hide a particular role (for example, Role A) from the role table for all users, including admins? It should only be visible if the logged-in user belongs to the XYZ group.

I am trying through ACLs but something is missing, and the ACL is locking the whole roles table from users who are not part of the group. I only want the role (Role A) to be hidden from the list.

6 REPLIES

Hi @Megha_pB,

For your reference, pasting the ACL script here:

(function () {

  var ROLE_TO_RESTRICT = 'role_a'; // name, not sys_id
  var GROUP_ALLOWED = 'XYZ';       // group name

  // If this is NOT Role A, allow assignment
  if (current.role.name != ROLE_TO_RESTRICT) {
    return true;
  }

  // If user is in XYZ, allow Role A
  if (gs.getUser().isMemberOf(GROUP_ALLOWED)) {
    return true;
  }

  return false;

})();

Or do paste your script, let's see.

☑️ If this helped, please mark it as Helpful or Accept Solution so others can find the answer too.

Kind Regards,
Azar
ServiceNow Rising Star
Developer @ KPMG.
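
Added example, not from any poster in this thread: the row-level decision for a read ACL on sys_user_role, with constructed stand-ins for `current` and `gs` so the logic can be run outside an instance. `canReadRole`, `fakeRecord`, `fakeGs` and `visibleRoles` are hypothetical names; in an ACL script only the function would be kept and called as `answer = canReadRole(current, gs);`, with admin override unchecked.

```javascript
// Added example: row-level read decision for the sys_user_role table.
// On sys_user_role the record IS the role, so its name is current.name
// (current.role.name is the shape of sys_user_has_role, the assignment table).
var ROLE_TO_RESTRICT = 'role_a'; // role name from the thread, not a sys_id
var GROUP_ALLOWED = 'XYZ';       // group name from the thread

// Hypothetical helper: returns true when this row may be read.
function canReadRole(current, gs) {
  // Every role other than Role A stays readable, so the table is not locked.
  if (String(current.getValue('name')) !== ROLE_TO_RESTRICT) {
    return true;
  }
  // Role A is readable only by members of the allowed group.
  return gs.getUser().isMemberOf(GROUP_ALLOWED);
}

// --- Constructed stand-ins so the logic runs outside an instance ---
function fakeRecord(name) {
  return { getValue: function (field) { return field === 'name' ? name : null; } };
}
function fakeGs(groups) {
  return {
    getUser: function () {
      return { isMemberOf: function (g) { return groups.indexOf(g) !== -1; } };
    }
  };
}

// Names of the rows a user with the given group memberships would see.
function visibleRoles(roleNames, groups) {
  var gs = fakeGs(groups);
  return roleNames.filter(function (n) { return canReadRole(fakeRecord(n), gs); });
}

var SAMPLE_ROLES = ['admin', 'itil', 'role_a']; // constructed sample rows
console.log(visibleRoles(SAMPLE_ROLES, []));      // user outside XYZ
console.log(visibleRoles(SAMPLE_ROLES, ['XYZ'])); // user inside XYZ
```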

martinvirag
Mega Sage

I have created an elevated role for this reason, and assigned that role to a user. It will not show in the role list unless you have the role.

My use case was:
Have a special admin that accesses very critical resources. This role and the artifacts cannot be visible and known to admins :)

Again, an elevated role did the job perfectly. Don't forget to fully log out before the changes take effect.

Then a deny-unless ACL at table level on the sys_user_role table:

operation: read

admin override: false
applies to: name = x_..._elevated_admin

Assign the x_..._elevated_admin role to the admin and you are done, no scripting needed.




Regards,
**Martin Virag**
ServiceNow Rising Star