- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-09-2025 11:50 AM
I have business rule to restrict any unit managers from add/removing users to groups the unit managers do not belong to except to the units the unit manager belongs to. I have the code snippet below but it's now working:
(function executeRule(current, previous /*null when async*/) {
var userID = gs.getUserID();
// Skip for admins
if (gs.hasRole('admin')) {
return;
}
// Only proceed if user has u_unit_manager role
if (!gs.hasRole('u_unit_manager')) {
return;
}
// Ensure group is not empty
if (!current.group.nil()) {
var groupGR = new GlideRecord('sys_user_group');
if (groupGR.get(current.group.toString())) {
// Check if user is one of the unit managers (list field check)
var unitManagers = groupGR.u_unit_managers.toString().split(',');
if (unitManagers.indexOf(userID) === -1) {
gs.addErrorMessage("You must be one of the Unit Managers of the group to assign users.");
current.setAbortAction(true);
return;
}
// Check if current user is a member of the group
var membershipGR = new GlideRecord('sys_user_grmember');
membershipGR.addQuery('user', userID);
membershipGR.addQuery('group', current.group.toString());
membershipGR.query();
if (!membershipGR.hasNext()) {
gs.addErrorMessage("You can only assign users to groups you are a member of.");
current.setAbortAction(true);
}
}
}
})(current, previous);
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-09-2025 11:13 PM - edited 07-09-2025 11:15 PM
Hi @Adeshola
Try this code
(function executeRule(current, previous /*null when async*/ ) {
var userID = gs.getUserID();
// Check if user is one of the unit managers (list field check)
var unitManagers = current.group.u_unit_managers.toString();
if (unitManagers.indexOf(userID) == -1) {
gs.addErrorMessage("You must be one of the Unit Managers of the group to assign users.");
current.setAbortAction(true);
return;
}
// Check if current user is a member of the group
if (!gs.getUser().isMemberOf(current.group.toString())) {
gs.addErrorMessage("You can only assign users to groups you are a member of.");
current.setAbortAction(true);
}
})(current, previous);
I have moved the roles check and group empty check to conditions part of the BR.
Please check below: //change your field names accordingly.
Mark it helpful if this helps you to understand. Accept solution if this give you the answer you're looking for
Kind Regards,
Rohila V
2022-25 ServiceNow Community MVP
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-10-2025 12:33 AM
try with this ...!
(function executeRule(current, previous) {
var userID = gs.getUserID();
if (gs.hasRole('admin')) {
return;
}
if (!gs.hasRole('u_unit_manager')) {
return;
}
if (!current.group.nil()) {
var groupGR = new GlideRecord('sys_user_group');
if (groupGR.get(current.group.toString())) {
// Check if user is in u_unit_managers list (reference field)
var unitManagerGR = new GlideRecord('sys_user_group_manager');
unitManagerGR.addQuery('group', groupGR.sys_id);
unitManagerGR.addQuery('manager', userID);
unitManagerGR.query();
if (!unitManagerGR.hasNext()) {
gs.addErrorMessage("You must be one of the Unit Managers of the group to assign users.");
current.setAbortAction(true);
return;
}
// Check if user is a member of the group
var membershipGR = new GlideRecord('sys_user_grmember');
membershipGR.addQuery('user', userID);
membershipGR.addQuery('group', groupGR.sys_id);
membershipGR.query();
if (!membershipGR.hasNext()) {
gs.addErrorMessage("You can only assign users to groups you are a member of.");
current.setAbortAction(true);
}
}
}
})(current, previous);
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-09-2025 10:54 PM
Hi @Adeshola ,
Can you let us know on which table you have written this script and on what condition?
Thanks,
GP
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-09-2025 11:13 PM - edited 07-09-2025 11:15 PM
Hi @Adeshola
Try this code
(function executeRule(current, previous /*null when async*/ ) {
var userID = gs.getUserID();
// Check if user is one of the unit managers (list field check)
var unitManagers = current.group.u_unit_managers.toString();
if (unitManagers.indexOf(userID) == -1) {
gs.addErrorMessage("You must be one of the Unit Managers of the group to assign users.");
current.setAbortAction(true);
return;
}
// Check if current user is a member of the group
if (!gs.getUser().isMemberOf(current.group.toString())) {
gs.addErrorMessage("You can only assign users to groups you are a member of.");
current.setAbortAction(true);
}
})(current, previous);
I have moved the roles check and group empty check to conditions part of the BR.
Please check below: //change your field names accordingly.
Mark it helpful if this helps you to understand. Accept solution if this give you the answer you're looking for
Kind Regards,
Rohila V
2022-25 ServiceNow Community MVP
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-10-2025 07:46 AM
Thank you @Voona Rohila. This solution worked
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-10-2025 12:33 AM
try with this ...!
(function executeRule(current, previous) {
var userID = gs.getUserID();
if (gs.hasRole('admin')) {
return;
}
if (!gs.hasRole('u_unit_manager')) {
return;
}
if (!current.group.nil()) {
var groupGR = new GlideRecord('sys_user_group');
if (groupGR.get(current.group.toString())) {
// Check if user is in u_unit_managers list (reference field)
var unitManagerGR = new GlideRecord('sys_user_group_manager');
unitManagerGR.addQuery('group', groupGR.sys_id);
unitManagerGR.addQuery('manager', userID);
unitManagerGR.query();
if (!unitManagerGR.hasNext()) {
gs.addErrorMessage("You must be one of the Unit Managers of the group to assign users.");
current.setAbortAction(true);
return;
}
// Check if user is a member of the group
var membershipGR = new GlideRecord('sys_user_grmember');
membershipGR.addQuery('user', userID);
membershipGR.addQuery('group', groupGR.sys_id);
membershipGR.query();
if (!membershipGR.hasNext()) {
gs.addErrorMessage("You can only assign users to groups you are a member of.");
current.setAbortAction(true);
}
}
}
})(current, previous);