Make fields read only in change request when moved to state canceled and closed

nherm · ‎11-17-2023

Hi, I have a question. I want to make all fields only readable when the status is closed or canceled for Change requests and for Change tasks.

What is better? Use ACL or Client Script?

I tried it with ACL, but I thinks with ACL its not working, that doesnt make the fields read-only, its only for access the table for users or for nobody to do something or not. Right? Or I made it in a wrong way 🙈 When I created a ACL with read only for states New until Review, then will be the Canceled and Closed records no more shown in the Record list.

When I use unload Client script, I tried it with this code (at first for cancel state):

function onLoad() {

var status = g_form.getValue('state');

if (state == 3); {

var fields = g_form.getEditableFields();

for (var x = 0; x < fields.lenght; x++) {

g_form.setReadOnly(fields[x], true);

}

Is it right or what I have to change, because its not working in the moment.

Kind regards

Nicole

Dibyaratnam · ‎11-20-2023

As client scripts execute before UI policy, so whatever is being done through client script will be overridden by UI policy if any conflict happens. In this case, review the existing ACLs for change_request table and modify them. Set the condition in those existing ACL as "State is not one of Closed or Cancelled" so that those ACL logic doesnt apply to your new ACL, which is a * acl, restricting all users from writing any field for the CLosed or cancelled record.

Check this URL to findout exisiting ACL for change_request.- https://devXXXXX.service-now.com/sys_security_acl_list.do?sysparm_query=nameSTARTSWITHchange_request...,

View solution in original post

nherm · ‎11-20-2023

Hi,

the Client Script works fine in my PDI. But in the Dev Instance for my team are some other UI Policies and I guess they influence my Client Script. But Im not sure, how. Do you know, what comes first in the ordering UI Policy and then Client Script or in the other way? For Client script I cant see any possibilities to change the ordering, or?

For ACL

In summary I now have only this for read and write

I tried this with a write ACL for ITIL role.

The ITIL User see then this:

That means not every fields is read- only after ACL. Do you have an idea, why?

Kind regards and thanks a lot for help 🙂

Nicoe

nherm · ‎11-20-2023

additional information:

when the UI Policy will be change so that the state 3 and 4 its not influenced, then is the Client Script in the Dev instance not running. Here we have the Utah release. Are there any changes necessary for the Client script?

Dibyaratnam · ‎11-20-2023

As client scripts execute before UI policy, so whatever is being done through client script will be overridden by UI policy if any conflict happens. In this case, review the existing ACLs for change_request table and modify them. Set the condition in those existing ACL as "State is not one of Closed or Cancelled" so that those ACL logic doesnt apply to your new ACL, which is a * acl, restricting all users from writing any field for the CLosed or cancelled record.

Check this URL to findout exisiting ACL for change_request.- https://devXXXXX.service-now.com/sys_security_acl_list.do?sysparm_query=nameSTARTSWITHchange_request...,

nherm · ‎11-21-2023

Hi, thanks a lot.

I add in all existing ACL the condition "state is not one of closed or cancelled", set the Admin override to false and add one new ACL see screen. Now its working in my PDI

Tomorrow I will try it also in the Dev instance. Thanks a lot again. Bye Nicole

ZuS · ‎10-04-2024

Your script may be failing because your 'if' doesn't check the original variable 'status', but 'state', as well as your 'lenght' should be 'length'.

Use the ACL, if you want to cut off non-interactive changes as well. I'd probably add an exception for change manager, admin role and the like.