Keeping Assigned To from approving their own change

gwow
Kilo Contributor

I'm looking for ideas on keeping the assigned to from approving their own changes. Whenever a change is created, the approval group is the ("approver: " + assigned group) that is tasked for that particular change. If the assigned to is a member of both the assignment group and approval group, they will have the ability to approve their own change. I would like to be able to limit or not allow the assigned to the ability to approve their own change. Any ideas on how to go about and completing this task?

11 REPLIES 11

Invoke
Kilo Contributor

Hi Casper,

Just wondering how you got on with this? We have a similar requirement whereby the group that the change raiser is a member of is asked to approve the change record. We don't want the person who actually raised the change to be able to approve. Any ideas?

Thanks
Scott


We are looking for something similar as well, hopefully we get an update soon.


tony_fugere
Mega Guru

This business rule is cool, but why not "cut them off at the pass?" I would vote for using the Advanced checkbox on the Approval Activity in your workflow. From there write a script that populates the answer array (per the comments given in the Activity variable) accordingly. For example:



var answer = [];
var member = new GlideRecord('sys_user_grmember');
member.addQuery('group.name', 'IT Security');
member.addQuery('user', '!=', current.assigned_to.sys_id);
member.query();
while(member.next()) {
answer.push(member.user.sys_id);
}


marcguy
ServiceNow Employee
ServiceNow Employee

called generate user approvals, which you could customise to check the user is privileged to approve the change.

I've done this before to check the users have been given the role of approver within the group, so only 5/10 group members get an approval generated.

Marc


richard_selby
Kilo Guru

Another idea is to put a Before Insert rule on the Approval table, which prevents the approval record being inserted if the Approver is the same as the Assigned To user of the Change.



Table: Approval [sysapproval_approver]


When: before


Insert: checked


Conditions: Source table is change_request


Script:


(function executeRule(current, previous /*null when async*/) {


  // Stop people being able to approve their own changes.


  // When approving a Change Request, if the approver is same


  // as the Assigned To user, bail out.




  var approverId = current.approver+'';


  var chgId = current.document_id+'';




  // Can't dot-walk on a Document ID field


  gr = new GlideRecord('change_request');


  if (!gr.get(chgId))


  {


  gs.log("BR Can't Approve Own Changes: can't retrieve Change record");


  return;


  }



  var assigned_toId = gr.assigned_to;


  if (approverId == assigned_toId)


  {


  current.setAbortAction(true);


  gs.log("BR Can't Approve Own Changes: Not inserting approval record for " + current.approver.name +


      " as he is Assigned To user for " + gr.number);


  }


})(current, previous);



This works well when there are several workflows. You can use the Approval - Group activity as often as you like, withough needing to write a custom approval script each time.