Make incidents visible to specific group
05-31-2024 10:06 PM
Hi All,
I want to make incidents visible only to the HR group and the software group.
How can this be achieved?
05-31-2024 10:31 PM - edited 05-31-2024 10:43 PM
- Create a Before-Query Business Rule on the 'Incident' table
- In the script field, update the sys_id of the group to be restricted

```
(function executeRule(current, previous /*null when async*/ ) {
    var grp = current.addNullQuery('assignment_group').addOrCondition('assignment_group','==','<sys_id of the group to be restricted for other users>');
})(current, previous);
```

06-01-2024 01:31 AM - edited 06-01-2024 01:32 AM
Hello @Rakshanda Kunte ,
You can hide it in two ways: via a Query BR and via an ACL. I will provide both cases below.
Create Business Rule to Restrict Access
- Navigate to System Definition > Business Rules.
- Click on New to create a new Business Rule.
- Configure the Business Rule with the following details:
  - Name: Restrict Incident Visibility
  - Table: Incident [incident]
  - Active: True
  - Advanced: Check this box
- When to Run:
  - When: Before
  - Insert: Unchecked
  - Update: Unchecked
  - Delete: Unchecked
  - Query: Checked
- Filter Conditions: Leave empty (we will handle conditions in the script).
- Script: Add the following script to the Advanced tab in the Script field:
```
// Business Rule script to restrict access to incidents
(function executeRule(current, previous /*null when async*/) {
    // Define the allowed groups
    var allowedGroups = ['HR Group', 'Software Group'];
    var user = gs.getUser();
    var userHasAccess = false;

    // Check if the user belongs to one of the allowed groups.
    // getMyGroups() returns group sys_ids, not records with getName(),
    // so each allowed name is tested with isMemberOf() instead.
    for (var i = 0; i < allowedGroups.length; i++) {
        if (user.isMemberOf(allowedGroups[i])) {
            userHasAccess = true;
            break;
        }
    }

    // If the user does not have access, make the query match no rows.
    // setAbortAction() only aborts insert/update/delete, not a query.
    if (!userHasAccess) {
        gs.addErrorMessage('You do not have access to view incidents.');
        current.addNullQuery('sys_id');
    }
})(current, previous);
```

Replace 'HR Group' and 'Software Group' with the actual names of your HR and software groups.
- Save the Business Rule.
Via ACL as follows-
1. Create HR and Software Groups
Ensure that the HR group and the software group are created in your ServiceNow instance.
- Navigate to User Administration > Groups.
- Verify that the HR group and the software group exist. If not, create them by clicking New and filling in the necessary details.
2. Assign Users to Groups
Make sure the users who need access to the incidents are assigned to the appropriate groups.
- Navigate to User Administration > Users.
- Open the user records and add them to either the HR group or the software group in the Groups related list.
3. Create Access Control Rule for Incident Table
You will create an ACL that restricts read access to the incident table.
- Navigate to System Security > Access Control (ACL).
- Click on New to create a new ACL.
  - Type: Record
  - Operation: Read
  - Name: Incident [incident]
- In the Requires Role section, specify a new or existing role that will be used to control access. For example, incident_read.
4. Create Script to Restrict Access
In the ACL condition script, you will write a script to restrict access to members of the HR and software groups.
- Add the following script to the Condition field:

```
// Condition script to check if the user is in HR or Software group
var allowedGroups = ['HR Group', 'Software Group'];
// Default to deny; the original set answer = false after the loop,
// which overwrote a successful match.
answer = false;
for (var i = 0; i < allowedGroups.length; i++) {
    // isMemberOf() accepts a group name; getMyGroups() only yields sys_ids
    if (gs.getUser().isMemberOf(allowedGroups[i])) {
        answer = true;
        break;
    }
}
```

Replace 'HR Group' and 'Software Group' with the actual names of your HR and software groups.
- Save the ACL.
5. Assign Role to Groups
Assign the role used in the ACL (e.g., incident_read) to the HR and software groups.
- Navigate to User Administration > Groups.
- Open the HR group record and add the incident_read role to the Roles related list.
- Repeat the same for the software group.
Test by logging in as users who belong to the HR and software groups to ensure they can view incidents. Also, verify that users who are not in these groups cannot see the incidents.
Regards,
Vaishnavi Lathkar
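
The membership check behind the query rule and the ACL above can be exercised outside the instance before it is deployed. The following is an added example, not code from any post in this thread: `restrictIncidentQuery`, `FakeUser`, `FakeQuery` and the sample incidents are hypothetical names and constructed data, and only `isMemberOf()` and `addNullQuery()` are assumed from the platform.

```javascript
// Added example. FakeUser and FakeQuery are constructed stand-ins for
// gs.getUser() and the GlideRecord a before-query rule receives.
var ALLOWED_GROUPS = ['HR Group', 'Software Group']; // names from the thread

// Inside ServiceNow this would be called from the rule as
// restrictIncidentQuery(current, gs.getUser(), ALLOWED_GROUPS).
function restrictIncidentQuery(current, user, allowedGroups) {
    for (var i = 0; i < allowedGroups.length; i++) {
        if (user.isMemberOf(allowedGroups[i])) {
            return true; // member of either group: query left untouched
        }
    }
    // Non-member: add a condition no row can satisfy (sys_id is never empty).
    current.addNullQuery('sys_id');
    return false;
}

function FakeUser(groups) { this.groups = groups; }
FakeUser.prototype.isMemberOf = function (name) {
    return this.groups.indexOf(name) !== -1;
};

// Records the "field is empty" conditions and applies them to sample rows.
function FakeQuery(rows) { this.rows = rows; this.nullFields = []; }
FakeQuery.prototype.addNullQuery = function (field) {
    this.nullFields.push(field);
};
FakeQuery.prototype.run = function () {
    var nullFields = this.nullFields;
    return this.rows.filter(function (row) {
        return nullFields.every(function (f) { return !row[f]; });
    });
};

// Constructed sample incidents (not real records).
var SAMPLE = [
    { sys_id: 'a1', number: 'INC0000001', assignment_group: 'HR Group' },
    { sys_id: 'b2', number: 'INC0000002', assignment_group: '' }
];

// Incident numbers a user with the given group memberships gets back.
function visibleNumbers(groups) {
    var query = new FakeQuery(SAMPLE);
    restrictIncidentQuery(query, new FakeUser(groups), ALLOWED_GROUPS);
    return query.run().map(function (row) { return row.number; });
}

console.log(visibleNumbers(['HR Group']), visibleNumbers(['Service Desk']));
```

A user in neither group gets an empty list, including for the unassigned incident, which is the case to check when impersonating test users on the instance.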
06-01-2024 01:38 AM
Hi @Rakshanda Kunte ,
You can create a read ACL with condition as
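```
var answer = false;
// Grant read access to members of either group
// (the original condition ended in a dangling || and did not parse)
if (gs.getUser().isMemberOf('sys_id_of_HRgroup') || gs.getUser().isMemberOf('sys_id_of_Softwaregroup'))
{
    answer = true;
}
```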
(OR) Query BR:
- Create a Before-Query Business Rule on the 'Incident' table
- In the Advanced tab, set the condition as:

```
!gs.getUser().isMemberOf('<group name to be restricted for other users>')
```

- In the script field, update the sys_id of the group to be restricted

```
(function executeRule(current, previous /*null when async*/ ) {
    var grp = current.addNullQuery('assignment_group').addOrCondition('assignment_group','!=','<sys_id of the group to be restricted for other users>');
})(current, previous);
```
Mark it as helpful and solution proposed if it serves your purpose.
Thanks,
Anand
06-01-2024 01:56 AM
Hi,
You can use below script: