Make Locked User Accounts Available from Service Catalog
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎04-22-2025 08:15 AM
We have a catalog item to allow equipment to be returned after an employee has left the company. Selecting the employee (from sys_user) brings up a list of assets assigned to that user. This all works great, except for when the employee being offboarded is marked locked on their user record (sys_user). There is a business rule "user query" that prevents locked accounts from being viewed by role admin and user_admin. Easy enough to remove the restriction but then any menu referencing user records will show the locked users: Ex: assigned to on incident, change, sc_task, ritm. (as well as other places). We don't remove group membership when a user offboards.
Any thoughts on how else this might be achieved?
Thank you
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎04-22-2025 09:17 AM - edited ‎04-22-2025 09:18 AM
Hi @fcaruso123 ,
I have tried this approach
try this and let me know
1.store session client data on for the logged in user on the load of the catalog item
create a client callable script include
var testQueryonBR = Class.create();
testQueryonBR.prototype = Object.extendsObject(AbstractAjaxProcessor, {
putClientDataForCatalog: function() {
gs.getSession().putClientData('allowToViewLockedUsers', this.getParameter('sysparm_allow'));
return gs.getSession().getClientData('allowToViewLockedUsers');
},
getClientData: function() {
return gs.getSession().getClientData('allowToViewLockedUsers');
},
type: 'testQueryonBR'
});
and an onload client script to put client data which allows them to see the inactive users
function onLoad() {
//Type appropriate comment here, and begin script below
var k = new GlideAjax('testQueryonBR')
k.addParam('sysparm_name', 'putClientDataForCatalog');
k.addParam('sysparm_allow', 'true')
k.getXMLAnswer();
}
and an onsubmit client script to hide inactive users
function onSubmit() {
var k = new GlideAjax('testQueryonBR')
k.addParam('sysparm_name', 'putClientDataForCatalog');
k.addParam('sysparm_allow', null)
k.getXMLAnswer();
}
and update the BR script with
if (!gs.getSession().getClientData('allowToViewLockedUsers'))
current.addActiveQuery();
the only issue I can see with this approach is
user opens the catalog form and doesn't submit
in this scenario the user can view the in active user until they end their session(log out)
OR
put an or condition in the BR to allow any other roled to users to see the inactive users
Please mark my answer as helpful/correct if it resolves your query.
Regards,
Chaitanya
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎04-22-2025 09:19 AM
I actually built out something similar for our HR team so that inactive profiles can be selected on certain HR Catalog Items.
The key to this is that you will need to add a new custom field to the "sys_user" table for something like "u_show_inactive" and then pre-populate this on all records. Then on the catalog item in the reference field that points to "sys_user" you would add a simple filter of
"active = true" OR "u_show_inactive=true"
This should then allow you to see/select these profiles even though they are actually inactive.
Now if you are wanting to do any additional data queries, you will need to do further scripting based on a client script and script include as server-side scripting can get around the business rule restriction. Or in some circumstances it's possible to use a "reverse" query to get around the business rule such as in this line of syntax:
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-09-2025 12:41 PM
Appreciate the responses. Decided to go a different direction. Since there is currently only one catalog item that needs access to inactive user records, I wrote a script include which performs a gliderecord search of sys_user with the ignore business rule option. User enters the unique ID of employee and an Ajax call returns the attributes necessary to process the request.