make a field visible only for ITIL users

carlosromero · ‎05-11-2017

Hi there.

i have created a field u_onq_id on the user table (sys_user) i need this field to be visible only for ITIL user i have been trying to used an UI policy but havent had luck. this is what i have tried:

but its not working. i have also tried an ACL and client script but not luck i will appreciate any help.

shloke04 · ‎05-12-2017

Hi,

Few things to point out in your script as mentioned below:

1) gs.getUser() is a server side function and cannot be used on client side i.e. it cannot be used in the UI Policy or client Scripts. So that is the main reason why your UI Policy was not working.

You can update your UI Policy on the User Table as per the script mentioned below in the screenshot:

I have tested this on my personal instance and it's working for me. Kindly test the same from your end also.

Hope this helps.Mark the answer as correct/helpful based on impact.

Regards,

Shloke

Hope this helps. Please mark the answer as correct/helpful based on impact.

Regards,
Shloke

View solution in original post

carlosromero · ‎05-11-2017

yes i have tried that. unfortunately its not working. its showing still the field when i impersonate an ITIL user and an Admin user

Jon Barnes · ‎05-11-2017

if you use an ACL, your script needs to look like this:

(function() {

if (gs.hasRole('itil') && !gs.hasRole('admin')) {

return false;

}

return true;

})();

However, I think it is better to grant access to the field based on some roles, instead of denying access based on roles. Does that make sense?

Shishir Srivast · ‎05-11-2017

Did you check if the Admin Override check box is unchecked?

Also, field ACL rules are processed in the following order:

Match the table and field name. For example, incident.number.
Match the parent table and field name. For example, task.number.
Match any table (wildcard) and field name. For example, *.number.
Match the table and any field (wildcard). For example, incident.*.
Match the parent table and any field (wildcard). For example, task.*.
Match any table (wildcard) and any field (wildcard). For example, *.*.

If there is a matching rule for the incident.number field, the system stops searching for matching field ACL rules such as task.number or incident.* because the user has already been granted or denied access to the field.

http://wiki.servicenow.com/index.php?title=Using_Access_Control_Rules#gsc.tab=0

Hope this helps you.

shloke04 · ‎05-12-2017

Hi,

Few things to point out in your script as mentioned below:

1) gs.getUser() is a server side function and cannot be used on client side i.e. it cannot be used in the UI Policy or client Scripts. So that is the main reason why your UI Policy was not working.

You can update your UI Policy on the User Table as per the script mentioned below in the screenshot:

I have tested this on my personal instance and it's working for me. Kindly test the same from your end also.

Hope this helps.Mark the answer as correct/helpful based on impact.

Regards,

Shloke

Hope this helps. Please mark the answer as correct/helpful based on impact.

Regards,
Shloke

shloke04 · ‎05-23-2017

Hi,

Did you got a chance to review the solution proposed, if your query is Resolved please mark the answer as correct and close the thread.

Regards,

Shloke

Hope this helps. Please mark the answer as correct/helpful based on impact.

Regards,
Shloke