Join the #BuildWithBuildAgent Challenge! Get recognized, earn exclusive swag, and inspire the ServiceNow Community with what you can build using Build Agent.  Join the Challenge.

Limit catalog item variable visibility

Go to solution
Valon Sheremeti
Kilo Guru

‎09-28-2018 11:05 AM

I'm trying to finalize a catalog item where:one of its variables (SSN) needs to be visible only to users with certain role (or group membership). SSN variable needs to be visible/writable by all users when they submit their request (Catalog Item view)

I don't want to use Client Scripts as this info is PII and I want to be on safe side.

I think way forward is: Business Rule / Before Query. But I don't know which table to query.

I managed to use a Business Rule below, which it worked fine, but it hid ALL variables (and I need to hide a single variable [SSN] only)

Table: Variable Ownership [sc_item_option_mtom]

Advanced: Yes



When to Run

When: before

Query: Yes



Advanced

(function executeRule(current, previous /*null when async*/) {
if(!gs.getUser().isMemberOf('YOUR ASSIGNMENT GROUP')){
current.addQuery('request_item.cat_item.name','!=','YOUR CATALOG ITEM');
}
})(current, previous);
0 Helpfuls
  • 2,654 Views
1 ACCEPTED SOLUTION

Go to solution
SanjivMeher
Mega Patron
Mega Patron

‎09-28-2018 11:11 AM

I would suggest using masked variable here

 

 

Masked

The masked variable inserts a field that masks text entered by users. Each character entered by users is displayed as an asterisk (*). Use this variable to ask users for sensitive or confidential data such as passwords.

Because a masked variable uses platform encryption using TripleDES, the values for this variable are also encrypted. These values can be decrypted by using gr.variables.var_name.getDecryptedValue() on RITM, Catalog Task, or any task extension record created using a record producer.

You can also decrypt and encrypt the values of a masked variable using the Show and Hide buttons. These buttons are not available for a fulfiller (itil) without the catalog_view_masked role.

 

 

reference: https://docs.servicenow.com/bundle/london-it-service-management/page/product/service-catalog-managem...


Please mark this response as correct or helpful if it assisted you with your question.

View solution in original post

0 Helpfuls
4 REPLIES 4

Go to solution
SanjivMeher
Mega Patron
Mega Patron

‎09-28-2018 11:11 AM

I would suggest using masked variable here

 

 

Masked

The masked variable inserts a field that masks text entered by users. Each character entered by users is displayed as an asterisk (*). Use this variable to ask users for sensitive or confidential data such as passwords.

Because a masked variable uses platform encryption using TripleDES, the values for this variable are also encrypted. These values can be decrypted by using gr.variables.var_name.getDecryptedValue() on RITM, Catalog Task, or any task extension record created using a record producer.

You can also decrypt and encrypt the values of a masked variable using the Show and Hide buttons. These buttons are not available for a fulfiller (itil) without the catalog_view_masked role.

 

 

reference: https://docs.servicenow.com/bundle/london-it-service-management/page/product/service-catalog-managem...


Please mark this response as correct or helpful if it assisted you with your question.
0 Helpfuls

Go to solution
Valon Sheremeti
Kilo Guru
In response to SanjivMeher

‎10-01-2018 06:26 AM

Sanjiv, 

Thanks for your comment. I appreciate it.

I'm running on Jakarta instance - any idea how to display decrypted catalog item variable value from Catalog Task? I want to create "UI Action" and let certain roles click on a UI Action button which shows decrypted value

Thank you

Val.

 

0 Helpfuls

Go to solution
SanjivMeher
Mega Patron
Mega Patron
In response to Valon Sheremeti

‎10-01-2018 10:02 AM

You can add a UI action with below script and add role to the UI action

 

gs.addInfoMessage('The decrypted value is '+current.variables.<var_name>.getDecryptedValue());


Please mark this response as correct or helpful if it assisted you with your question.
0 Helpfuls

Go to solution
Valon Sheremeti
Kilo Guru
In response to SanjivMeher

‎10-01-2018 10:17 AM

Thanks for your prompt reply, Sanjiv

I'm facing two interesting issues:

1. I'm getting the same result whether I'm using with or without getDecryptedValue()

gs.addInfoMessage("Plain value is: " + current.variables.ssn_ssn);
gs.addInfoMessage("Decrypted value is:"+ current.variables.ssn_ssn.getDecryptedValue());

 

2. My experience shows that 'masked' type variable is not really encrypted. Any comment on my post pasted below?

https://community.servicenow.com/community?id=community_question&sys_id=b4c95d0fdb34e380b2102926ca961910

 

 

I appreciate your comments

Thanks a lot

 

0 Helpfuls