Limit Unit Manager Group Add

Go to solution
Adeshola
Tera Contributor

‎07-09-2025 11:50 AM

I have business rule to restrict any unit managers from add/removing users to groups the unit managers do not belong to except to the units the unit manager belongs to. I have the code snippet below but it's now working:

 

(function executeRule(current, previous /*null when async*/) {

 

    var userID = gs.getUserID();

 

    // Skip for admins

    if (gs.hasRole('admin')) {

        return;

    }

 

    // Only proceed if user has u_unit_manager role

    if (!gs.hasRole('u_unit_manager')) {

        return;

    }

 

    // Ensure group is not empty

    if (!current.group.nil()) {

        var groupGR = new GlideRecord('sys_user_group');

        if (groupGR.get(current.group.toString())) {

 

                 // Check if user is one of the unit managers (list field check)

                var unitManagers = groupGR.u_unit_managers.toString().split(',');

                if (unitManagers.indexOf(userID) === -1) {

                    gs.addErrorMessage("You must be one of the Unit Managers of the group to assign users.");

                    current.setAbortAction(true);

                    return;

                }

 

                // Check if current user is a member of the group

                var membershipGR = new GlideRecord('sys_user_grmember');

                membershipGR.addQuery('user', userID);

                membershipGR.addQuery('group', current.group.toString());

                membershipGR.query();

 

                if (!membershipGR.hasNext()) {

                    gs.addErrorMessage("You can only assign users to groups you are a member of.");

                    current.setAbortAction(true);

                }

            }

        

    }

 

})(current, previous);

0 Helpfuls
  • 603 Views
2 ACCEPTED SOLUTIONS

Go to solution
Voona Rohila
Kilo Patron
Kilo Patron

‎07-09-2025 11:13 PM - edited ‎07-09-2025 11:15 PM

Hi @Adeshola 

Try this code

(function executeRule(current, previous /*null when async*/ ) {

    var userID = gs.getUserID();

    // Check if user is one of the unit managers (list field check)
    var unitManagers = current.group.u_unit_managers.toString();
    if (unitManagers.indexOf(userID) == -1) {
        gs.addErrorMessage("You must be one of the Unit Managers of the group to assign users.");
        current.setAbortAction(true);
        return;
    }

    // Check if current user is a member of the group
    if (!gs.getUser().isMemberOf(current.group.toString())) {
        gs.addErrorMessage("You can only assign users to groups you are a member of.");
        current.setAbortAction(true);
    }

})(current, previous);

I have moved the roles check and group empty check to conditions part of the BR.

Please check below: //change your field names accordingly.

VoonaRohila_0-1752127749964.png

VoonaRohila_2-1752127964479.png

 

 

 


Mark it helpful if this helps you to understand. Accept solution if this give you the answer you're looking for
Kind Regards,
Rohila V
2022-25 ServiceNow Community MVP

View solution in original post

0 Helpfuls

Go to solution
Community Alums
Not applicable

‎07-10-2025 12:33 AM

try with this ...!

(function executeRule(current, previous) {

    var userID = gs.getUserID();

    if (gs.hasRole('admin')) {
        return;
    }

    if (!gs.hasRole('u_unit_manager')) {
        return;
    }

    if (!current.group.nil()) {
        var groupGR = new GlideRecord('sys_user_group');
        if (groupGR.get(current.group.toString())) {

            // Check if user is in u_unit_managers list (reference field)
            var unitManagerGR = new GlideRecord('sys_user_group_manager');
            unitManagerGR.addQuery('group', groupGR.sys_id);
            unitManagerGR.addQuery('manager', userID);
            unitManagerGR.query();

            if (!unitManagerGR.hasNext()) {
                gs.addErrorMessage("You must be one of the Unit Managers of the group to assign users.");
                current.setAbortAction(true);
                return;
            }

            // Check if user is a member of the group
            var membershipGR = new GlideRecord('sys_user_grmember');
            membershipGR.addQuery('user', userID);
            membershipGR.addQuery('group', groupGR.sys_id);
            membershipGR.query();

            if (!membershipGR.hasNext()) {
                gs.addErrorMessage("You can only assign users to groups you are a member of.");
                current.setAbortAction(true);
            }
        }
    }

})(current, previous);

 

 

 

View solution in original post

6 REPLIES 6

Go to solution
G Ponsekar
Mega Guru

‎07-09-2025 10:54 PM

Hi @Adeshola ,

 

Can you let us know on which table you have written this script and on what condition?

 

Thanks,

GP

0 Helpfuls

Go to solution
Voona Rohila
Kilo Patron
Kilo Patron

‎07-09-2025 11:13 PM - edited ‎07-09-2025 11:15 PM

Hi @Adeshola 

Try this code

(function executeRule(current, previous /*null when async*/ ) {

    var userID = gs.getUserID();

    // Check if user is one of the unit managers (list field check)
    var unitManagers = current.group.u_unit_managers.toString();
    if (unitManagers.indexOf(userID) == -1) {
        gs.addErrorMessage("You must be one of the Unit Managers of the group to assign users.");
        current.setAbortAction(true);
        return;
    }

    // Check if current user is a member of the group
    if (!gs.getUser().isMemberOf(current.group.toString())) {
        gs.addErrorMessage("You can only assign users to groups you are a member of.");
        current.setAbortAction(true);
    }

})(current, previous);

I have moved the roles check and group empty check to conditions part of the BR.

Please check below: //change your field names accordingly.

VoonaRohila_0-1752127749964.png

VoonaRohila_2-1752127964479.png

 

 

 


Mark it helpful if this helps you to understand. Accept solution if this give you the answer you're looking for
Kind Regards,
Rohila V
2022-25 ServiceNow Community MVP
0 Helpfuls

Go to solution
Adeshola
Tera Contributor
In response to Voona Rohila

‎07-10-2025 07:46 AM

Thank you @Voona Rohila. This solution worked

0 Helpfuls

Go to solution
Community Alums
Not applicable

‎07-10-2025 12:33 AM

try with this ...!

(function executeRule(current, previous) {

    var userID = gs.getUserID();

    if (gs.hasRole('admin')) {
        return;
    }

    if (!gs.hasRole('u_unit_manager')) {
        return;
    }

    if (!current.group.nil()) {
        var groupGR = new GlideRecord('sys_user_group');
        if (groupGR.get(current.group.toString())) {

            // Check if user is in u_unit_managers list (reference field)
            var unitManagerGR = new GlideRecord('sys_user_group_manager');
            unitManagerGR.addQuery('group', groupGR.sys_id);
            unitManagerGR.addQuery('manager', userID);
            unitManagerGR.query();

            if (!unitManagerGR.hasNext()) {
                gs.addErrorMessage("You must be one of the Unit Managers of the group to assign users.");
                current.setAbortAction(true);
                return;
            }

            // Check if user is a member of the group
            var membershipGR = new GlideRecord('sys_user_grmember');
            membershipGR.addQuery('user', userID);
            membershipGR.addQuery('group', groupGR.sys_id);
            membershipGR.query();

            if (!membershipGR.hasNext()) {
                gs.addErrorMessage("You can only assign users to groups you are a member of.");
                current.setAbortAction(true);
            }
        }
    }

})(current, previous);