Need help modifying ACL script to use system property for editable variables on sc_task

Pratiksha KC · 3 weeks ago

Hi

We currently have an ACL where item names are hardcoded to make variables editable on the sc_task level. However, we now want to replace this hardcoding and use a system property (with either a comma-separated list or query) to determine which catalog items should have editable variables.

I tried the below script, but it’s not working as expected. Could anyone please help me modify or correct it?

Script-

(function() {
// Read comma-separated sys_ids of catalog items from property
var editableItems = gs.getProperty('glide.sc_task.editable_variables', '').split(',');

// Clean and normalize
editableItems = editableItems.map(function(x) { return x.trim(); }).filter(Boolean);

// Get current catalog item's sys_id from the sc_task record
var itemSysId = current.item ? current.item.toString() : '';

// Allow edit only if current item's sys_id is listed in the property
return editableItems.indexOf(itemSysId) !== -1;
})();

System property-

Ankur Bawiskar · 3 weeks ago

@Pratiksha KC

so none of the variables should be editable on catalog task form to any user for RITMs belonging to those Items?

If yes then 2 approaches

1) onLoad client script + display business rule on sc_task

Display BR

(function executeRule(current, previous /*null when async*/ ) {

    // Add your code here
    var editableItems = gs.getProperty('glide.sc_task.editable_variables');

    if (editableItems) {
        var arr = editableItems.split(',');
        var currentItem = current.request_item.cat_item.sys_id;
        g_scratchpad.makeReadonly = !(arr.indexOf(currentItem) > -1); // I added not in the beginning
    } else {
        g_scratchpad.makeReadonly = false;
    }

})(current, previous);

Normal onLoad Client Script and not catalog client script:

function onLoad() {
    if (g_scratchpad.makeReadonly)
        g_form.setVariablesReadOnly(true);
}

OR

2) ACL -> I am not sure if this works fine, you are already using this.

If the 2nd approach doesn't work or it takes time, 1st approach will work for sure.

💡 If my response helped, please mark it as correct ✅ and close the thread 🔒— this helps future readers find the solution faster! 🙏

Regards,
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader

View solution in original post

RaghavSh · 3 weeks ago

@Pratiksha KC use debug ACL, to see which ACL is conflicting.

I think script is fine, check the same code in background script.

Please mark the answer correct/helpful accordingly.

Raghav
MVP 2023
LinkedIn

RaghavSh · 3 weeks ago

@Pratiksha KC Dd you try the same script in background script?

Try debugging the ACLs, script looks good. There could be a conflicting ACL.

Please mark the answer correct/helpful accordingly.

Raghav
MVP 2023
LinkedIn

Pratiksha KC · 3 weeks ago

Hi @RaghavSh

I checked but there is no conflicting role , Can you please check the screenshots I pasted in the post is that correct for script ?

RaghavSh · 3 weeks ago

Try debug security role, i tried this script in my PDI as background script and it worked.

Its not about conflicting roles, its about conflicting ACLs. For example if there are 2 ACLs and one of them provides the access and other restricts , the access will be provided.

Please mark the answer correct/helpful accordingly.

Raghav
MVP 2023
LinkedIn

Pratiksha KC · 3 weeks ago

Also checked ACLs, there are no conflicting ACLs on sc_task.variable