Limit Unit Manager Group Add

Go to solution
Adeshola
Tera Contributor

‎07-09-2025 11:50 AM

I have business rule to restrict any unit managers from add/removing users to groups the unit managers do not belong to except to the units the unit manager belongs to. I have the code snippet below but it's now working:

 

(function executeRule(current, previous /*null when async*/) {

 

    var userID = gs.getUserID();

 

    // Skip for admins

    if (gs.hasRole('admin')) {

        return;

    }

 

    // Only proceed if user has u_unit_manager role

    if (!gs.hasRole('u_unit_manager')) {

        return;

    }

 

    // Ensure group is not empty

    if (!current.group.nil()) {

        var groupGR = new GlideRecord('sys_user_group');

        if (groupGR.get(current.group.toString())) {

 

                 // Check if user is one of the unit managers (list field check)

                var unitManagers = groupGR.u_unit_managers.toString().split(',');

                if (unitManagers.indexOf(userID) === -1) {

                    gs.addErrorMessage("You must be one of the Unit Managers of the group to assign users.");

                    current.setAbortAction(true);

                    return;

                }

 

                // Check if current user is a member of the group

                var membershipGR = new GlideRecord('sys_user_grmember');

                membershipGR.addQuery('user', userID);

                membershipGR.addQuery('group', current.group.toString());

                membershipGR.query();

 

                if (!membershipGR.hasNext()) {

                    gs.addErrorMessage("You can only assign users to groups you are a member of.");

                    current.setAbortAction(true);

                }

            }

        

    }

 

})(current, previous);

0 Helpfuls
  • 683 Views
2 ACCEPTED SOLUTIONS

Go to solution
Voona Rohila
Mega Patron
Mega Patron

‎07-09-2025 11:13 PM - edited ‎07-09-2025 11:15 PM

Hi @Adeshola 

Try this code

(function executeRule(current, previous /*null when async*/ ) {

    var userID = gs.getUserID();

    // Check if user is one of the unit managers (list field check)
    var unitManagers = current.group.u_unit_managers.toString();
    if (unitManagers.indexOf(userID) == -1) {
        gs.addErrorMessage("You must be one of the Unit Managers of the group to assign users.");
        current.setAbortAction(true);
        return;
    }

    // Check if current user is a member of the group
    if (!gs.getUser().isMemberOf(current.group.toString())) {
        gs.addErrorMessage("You can only assign users to groups you are a member of.");
        current.setAbortAction(true);
    }

})(current, previous);

I have moved the roles check and group empty check to conditions part of the BR.

Please check below: //change your field names accordingly.

VoonaRohila_0-1752127749964.png

VoonaRohila_2-1752127964479.png

 

 

 


Mark it helpful if this helps you to understand. Accept solution if this give you the answer you're looking for
Kind Regards,
Rohila V
2022-25 ServiceNow Community MVP

View solution in original post

0 Helpfuls

Go to solution
Community Alums
Not applicable

‎07-10-2025 12:33 AM

try with this ...!

(function executeRule(current, previous) {

    var userID = gs.getUserID();

    if (gs.hasRole('admin')) {
        return;
    }

    if (!gs.hasRole('u_unit_manager')) {
        return;
    }

    if (!current.group.nil()) {
        var groupGR = new GlideRecord('sys_user_group');
        if (groupGR.get(current.group.toString())) {

            // Check if user is in u_unit_managers list (reference field)
            var unitManagerGR = new GlideRecord('sys_user_group_manager');
            unitManagerGR.addQuery('group', groupGR.sys_id);
            unitManagerGR.addQuery('manager', userID);
            unitManagerGR.query();

            if (!unitManagerGR.hasNext()) {
                gs.addErrorMessage("You must be one of the Unit Managers of the group to assign users.");
                current.setAbortAction(true);
                return;
            }

            // Check if user is a member of the group
            var membershipGR = new GlideRecord('sys_user_grmember');
            membershipGR.addQuery('user', userID);
            membershipGR.addQuery('group', groupGR.sys_id);
            membershipGR.query();

            if (!membershipGR.hasNext()) {
                gs.addErrorMessage("You can only assign users to groups you are a member of.");
                current.setAbortAction(true);
            }
        }
    }

})(current, previous);

 

 

 

View solution in original post

6 REPLIES 6

Go to solution
Voona Rohila
Mega Patron
Mega Patron
In response to Community Alums

‎07-10-2025 12:47 AM

We don't need to query group member table again, we already have .isMemberOf() method available which checks if user is part of group or not.

 


Mark it helpful if this helps you to understand. Accept solution if this give you the answer you're looking for
Kind Regards,
Rohila V
2022-25 ServiceNow Community MVP
0 Helpfuls

Go to solution
Adeshola
Tera Contributor
In response to Community Alums

‎07-10-2025 07:48 AM

Thank you @Community Alums! This solution also works

0 Helpfuls