ITIL user not part of assignment group should not edit the assign_to field

VaibhavJ
Tera Contributor

‎10-24-2024 08:19 AM

Hi Team,

 

I have return below script to restrict ITIL user if they are not part of the assignment group to edit assign_to field on the incident form. 

function onLoad() {

    var uerhasadmin = g_user.hasRoleExactly('admin');
    var userhasitil = 'false';
    var userSysId = g_user.userID;
    var groupMembers = new GlideRecord('sys_user_grmember');
    groupMembers.addQuery('group', g_form.getValue('assignment_group'));
    groupMembers.addQuery('user', userSysId);
    groupMembers.query();

    if (groupMembers.hasNext()) {
        userhasitil = 'true';
    }

    if ((uerhasadmin) || (userhasitil == 'true')) {

        g_form.setReadOnly('assigned_to', false);

    } else {
        g_form.setReadOnly('assigned_to', true);
    }
But ITIL user still able to edit the assign_to field even they are not part of the assignment group on incident form.
Can you please help on this?
 
Thanks!
Vaibhav J
0 Helpfuls
  • 486 Views
3 REPLIES 3

Akash4
Kilo Sage
Kilo Sage

‎10-24-2024 08:29 AM

Hi Vaibhav,

Try using the below modified line (remove ==‘true’) since this might be taken as string in stead of boolean value.

> if ((uerhasadmin) || (userhasitil)) {

Regards, Akash
If my response proves useful, please mark it "Accept as Solution" and "Helpful". This action benefits both the community and me.
0 Helpfuls

Brad Bowman
Kilo Patron
Kilo Patron

‎10-24-2024 08:38 AM - edited ‎10-24-2024 08:39 AM

You should do this with a Write ACL on the incident table instead of an unsupported / not recommended GlideRecord in a Client Script.  The logic will be easier since you can use conditions and/or isMemberOf in the server script, and admin override so you don't need to specify that separately. This will also prevent update from a list view and other ways that client-level security fails

0 Helpfuls

Runjay Patel
Giga Sage

‎10-24-2024 09:06 AM

Hi @VaibhavJ ,

 

Gliderecord does not work properly in client side, hence you are not getting correct result.

you can do below. also there is one acl which runs for assigned to filed.

 

You have to modify the existing field level ACL like below.

RunjayPatel_0-1729785928779.png

 

RunjayPatel_1-1729785979839.png

 

I have tested this, it is working.

-------------------------------------------------------------------------

If you found my response helpful, please consider selecting "Accept as Solution" and marking it as "Helpful." This not only supports me but also benefits the community.


Regards
Runjay Patel - ServiceNow Solution Architect
LinkedIn: https://www.linkedin.com/in/runjay
YouTube: https://www.youtube.com/@RunjayP

-------------------------------------------------------------------------

 

 
0 Helpfuls