Limit visibility of Assignment Groups to see only their assigned RITM and REQ

Go to solution
Russell Abbott
Kilo Sage

‎07-13-2022 10:59 AM

I have a requirement to test limiting the scope of what each Assignment Group can see.

I have managed to get this to work for Incidents, limiting to only see Incidents that they are the customer, or on the watchlist, or Incidents assigned to their 'Assignment Group' field on the Incident Record

I have managed to get this to work in the same manner for SC_Tasks

However, i haven't found a way to propagate that upward through the RITM and REQ level, we do not have the 'Assignment Group' field on those records and there is no desire to add it

Is it possible to script this in my BR?

Pseudo:

Can view REQ = True

Can view RITM = True

IF i am the customer

IF i am the creator

IF RITM contains SC_TASK where 'Assignment Group' is DYNAMIC 'one of my groups'

IF REQ contains RITM containing SC_TASK where 'Assignment Group' is DYNAMIC 'one of my groups'

Here is my current BR code running on SC_TASK

Condition:

!gs.hasRole('admin')||gs.getUser().isMemberOf("IS-SECURITY-BADGES")

(function executeRule(current, previous /*null when async*/ ) {

if (gs.getSession().isInteractive()) {

//Restrict to caller, watchlist, or members of assigned group...
var u = gs.getUserID(); //Get the sys_id value of the current user
var g = getMyGroups(); //Get the list of the current user groups
var q = current.addQuery('request.requested_for', u).addOrCondition('assignment_group', g).addOrCondition('watch_list', 'CONTAINS', u); //Modify the current query on the sc_task table
}
})(current, previous);
Labels:
  • 2,252 Views
1 ACCEPTED SOLUTION

Go to solution
-O-
Kilo Patron
Kilo Patron

‎07-13-2022 01:02 PM

I don't think this is possible (I'm assuming this would be a query Business Rule-QBR). For two reasons:

1. while related list queries are possible using RLQUERY (see Encoded query strings - towards the bottom of the page) it can only be AND-ed, not OR-ed with other conditions.

2. it messes up list filters as those cannot "express" the RLQUERY part and messes up other QBRs that count on such complications NOT being present.

View solution in original post

0 Helpfuls
13 REPLIES 13

Go to solution
-O-
Kilo Patron
Kilo Patron
In response to Russell Abbott

‎07-18-2022 05:43 PM

Also, here's a(n after) Business Rule that does it for parent Requests:

(function executeRule (previous, current) {
	var assignment_groups = getSiblingCatalogTaskAssignmentGroups('' + current.request),
		group_list = getVectorFrom('' + current.request.group_list),
		request = current.request.getRefRecord();

	if (request && request.isValidRecord()) {
		request.group_list = assignment_groups.reduce(addNewGroups, group_list).join(',');
		request.update();
	}

	function addNewGroups (assignment_groups, assignment_group) {
		if (!~assignment_groups.indexOf(assignment_group))
			assignment_groups.push(assignment_group);

		return assignment_groups;
	}

	function getSiblingCatalogTaskAssignmentGroups (requestUniqueValue) {
		var assignment_groups = [],
			sc_task = new GlideRecord('sc_task');

		sc_task.addQuery('request', requestUniqueValue);

		sc_task._query();

		while (sc_task._next())
			assignment_groups.push('' + sc_task.assignment_group);

		return assignment_groups;
	}

	function getVectorFrom (list) {
		return list.split(/\s*,\s*/g).filter(retainNotEmpty);
	}

	function retainNotEmpty (item) {
		return typeof item != 'undefined' && item != null && item != '';
	}
})(previous, current);

Conditions: Request is not empty and Assignment group changes. If the history of assignment groups should not be kept, line

group_list = getVectorFrom('' + current.request.group_list),

should be changed to:

group_list = [],

And it can be easily duplicated, just by replacing table and field names - where needed, to make it work for Requested Items.

0 Helpfuls

Go to solution
Russell Abbott
Kilo Sage
In response to -O-

‎07-20-2022 12:21 PM

Ill be looking at testing this in sub prod over the next couple of days. I'm still new to scripting so this reads like another language in places 🙂 Ill let you know the outcome once my schedule is free enough to test!

 

I appreciate the time and effort here, thank you very much.

 

-Russ.

0 Helpfuls

Go to solution
Brandon P1
Mega Guru

‎11-29-2022 10:15 AM

Hi Russell,

I too have a business case where this is a requirement with the only difference that I need to limit the rule to a single assignment group so they only see the incidents assigned to them.  using you reference above I am unable to get this to work on incidents.  Can you please share you BR configuration?

 

Thanks 

0 Helpfuls

Go to solution
Russell Abbott
Kilo Sage
In response to Brandon P1

‎11-29-2022 11:45 AM

Brandon,

 

This is the BR i use on the Incident Table. Reply back if this doesn't work for you.

 

Make sure it's a 'Before Query' BR. Add the following condition for the pilot so that it does not affect Admin '!gs.hasRole('admin')

 

(function executeRule(current, previous /*null when async*/ ) {

if(!(gs.action.getGlideURI().toString().indexOf('portal') > -1)){ //apply the script when the view is NOT 'portal'

if(gs.getUser().isMemberOf('<SYS ID of target Assignment Group')){
if (gs.getSession().isInteractive()) {          
   //Restrict to caller, watchlist, or members of assigned group...
   var u = gs.getUserID(); //Get the sys_id value of the current user
   var g = getMyGroups(); //Get the list of the current user groups
   var q = current.addQuery('caller_id', u).addOrCondition('assignment_group', g).addOrCondition('watch_list', 'CONTAINS', u); //Modify the current query on the incident table however you might need
}
}}})(current, previous);