Limit catalog item variable visibility

Valon Sheremeti
Kilo Guru

I'm trying to finalize a catalog item where one of its variables (SSN) needs to be visible only to users with a certain role (or group membership). The SSN variable needs to be visible/writable by all users when they submit their request (Catalog Item view).

I don't want to use Client Scripts as this info is PII and I want to be on the safe side.

I think the way forward is: Business Rule / Before Query. But I don't know which table to query.

I managed to use the Business Rule below, which worked fine, but it hid ALL variables (and I need to hide a single variable [SSN] only).

Table: Variable Ownership [sc_item_option_mtom]

Advanced: Yes



When to Run

When: before

Query: Yes



Advanced

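(function executeRule(current, previous /*null when async*/) {
    // For users outside the group, filter out every variable row that belongs
    // to the named catalog item (this hides all of its variables, not only SSN).
    if (!gs.getUser().isMemberOf('YOUR ASSIGNMENT GROUP')) {
        current.addQuery('request_item.cat_item.name', '!=', 'YOUR CATALOG ITEM');
    }
})(current, previous);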
1 ACCEPTED SOLUTION

SanjivMeher
Kilo Patron

I would suggest using a masked variable here.

Masked

The masked variable inserts a field that masks text entered by users. Each character entered by users is displayed as an asterisk (*). Use this variable to ask users for sensitive or confidential data such as passwords.

Because a masked variable uses platform encryption using TripleDES, the values for this variable are also encrypted. These values can be decrypted by using gr.variables.var_name.getDecryptedValue() on RITM, Catalog Task, or any task extension record created using a record producer.

You can also decrypt and encrypt the values of a masked variable using the Show and Hide buttons. These buttons are not available for a fulfiller (itil) without the catalog_view_masked role.

reference: https://docs.servicenow.com/bundle/london-it-service-management/page/product/service-catalog-managem...


Please mark this response as correct or helpful if it assisted you with your question.

4 REPLIES

Sanjiv, 

Thanks for your comment. I appreciate it.

I'm running on a Jakarta instance - any idea how to display the decrypted catalog item variable value from a Catalog Task? I want to create a "UI Action" and let certain roles click on a UI Action button which shows the decrypted value.

Thank you

Val.

You can add a UI action with the script below and add a role to the UI action.

gs.addInfoMessage('The decrypted value is '+current.variables.<var_name>.getDecryptedValue());


Please mark this response as correct or helpful if it assisted you with your question.
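
A server-side take on the role-gated UI Action described above, as an added example that is not part of the original reply: the role is checked inside the script and the reveal is audited without logging the value. The function name revealMaskedVariable, the mock gs and current objects, the sample value and the assumption that gs.info/gs.warn are available in the script's scope are constructed for illustration; ssn_ssn and catalog_view_masked are the names used in this thread.

```javascript
// Added example: in an instance, gs and current are supplied by the platform.
function revealMaskedVariable(gs, current, varName, requiredRole) {
  // Deny by default: without the role, the decryption call is never made.
  if (!gs.hasRole(requiredRole)) {
    gs.warn('Masked variable ' + varName + ' denied for ' + gs.getUserName());
    gs.addErrorMessage('You are not authorized to view this value.');
    return null;
  }
  var variable = current.variables[varName];
  if (!variable) {
    gs.addErrorMessage('Variable ' + varName + ' not found on this record.');
    return null;
  }
  var value = variable.getDecryptedValue();
  // Audit who looked, never what they saw: the value must not reach the log.
  gs.info('Masked variable ' + varName + ' revealed to ' + gs.getUserName());
  gs.addInfoMessage('The decrypted value is ' + value);
  return value;
}

// Constructed stand-ins for gs and current (assumptions, for offline runs only).
function makeMockGs(userName, roles) {
  var out = { log: [], messages: [] };
  out.hasRole = function (r) { return roles.indexOf(r) !== -1; };
  out.getUserName = function () { return userName; };
  out.info = function (m) { out.log.push(m); };
  out.warn = function (m) { out.log.push(m); };
  out.addInfoMessage = function (m) { out.messages.push(m); };
  out.addErrorMessage = function (m) { out.messages.push(m); };
  return out;
}
var mockCurrent = {
  variables: { ssn_ssn: { getDecryptedValue: function () { return '000-00-0000'; } } }
};

var fulfiller = makeMockGs('itil.user', ['itil']);
var privileged = makeMockGs('hr.user', ['itil', 'catalog_view_masked']);
console.log(revealMaskedVariable(fulfiller, mockCurrent, 'ssn_ssn', 'catalog_view_masked'));
console.log(revealMaskedVariable(privileged, mockCurrent, 'ssn_ssn', 'catalog_view_masked'));
```

In an instance, the UI Action body would call the function with the platform's own gs and current instead of the mocks.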

Thanks for your prompt reply, Sanjiv

I'm facing two interesting issues:

1. I'm getting the same result whether I use it with or without getDecryptedValue()

gs.addInfoMessage("Plain value is: " + current.variables.ssn_ssn);
gs.addInfoMessage("Decrypted value is:"+ current.variables.ssn_ssn.getDecryptedValue());

2. My experience shows that a 'masked' type variable is not really encrypted. Any comment on my post pasted below?

https://community.servicenow.com/community?id=community_question&sys_id=b4c95d0fdb34e380b2102926ca961910

I appreciate your comments

Thanks a lot