Non-Admin User can't call Script Include from Client Script
04-24-2024 08:46 AM
Hi community,
I have already searched through multiple articles, but unfortunately no one has been able to help me.
Here is the problem in short:
I have created an Action Assignment, which acts basically as a related list UI Action in the risk workspace. In this action assignment record there is a client script, which calls a Script Include with an Ajax call. The setup of both records can be found further down below.
If I click the UI Action Assignment with an admin user, everything works as expected - but if I click it with a user with the sn_grc.business_user_lite role ('lite user'), the script include won't get executed.
I included some logs for debugging in the script include which won't show in the logs when performed with the lite user.
In my opinion this looks like an ACL topic. It seems that access to the script include is denied for the lite user, and I have read something about the execute ACL "client_callable_script_include", but I don't think this applies in my case?
As a general info: The light user has creating operation rights for all the tables which are used in the Server Script.
For more information here is the configuration of the records mentioned:
1) Action Assignment:
Screenshot from the action assignment.
Here is the code from the action assignment:
function onClick() {
    var fields = [
        {
            type: 'reference',
            name: 'assigned_to',
            label: getMessage('User name:'),
            mandatory: true,
            reference: 'sys_user',
            referringTable: 'sn_risk_mitigation_task',
            referringRecordId: g_form.getUniqueValue(),
            value: '',
            displayValue: ''
        }
    ];
    g_modal.showFields({
        title: "Please select to which user the task should be assigned.",
        fields: fields,
        size: 'lg'
    }).then(function(fieldValues) {
        var violations = g_list.getChecked().split(',');
        var ajax = new GlideAjax('sn_risk.RiskViolationUtils');
        ajax.addParam('sysparm_name', 'changeTask');
        ajax.addParam('sysparm_violations_id', g_list.getChecked());
        ajax.addParam('sysparm_assigned_to', fieldValues.updatedFields[0].value);
        ajax.getXMLAnswer(function(answer) {
            var url = '/now/risk/risk/record/sn_risk_risk/' + g_form.getValue('risk') + '/sub/record/sn_risk_mitigation_task/' + answer;
            var link = '<a href="' + url + '">here</a>';
            g_form.addInfoMessage('A new task was successfully created. Click ' + link + ' to get to the task.');
            g_list.refresh();
        });
    });
}
2) Script Include:
Here is the setup of the script include (yes, it's active, client callable and accessible from all scopes):
Here is the script from the Script Include:
var RiskViolationUtils = Class.create();
RiskViolationUtils.prototype = Object.extendsObject(global.AbstractAjaxProcessor, {
    changeTask: function() {
        var assignedTo = this.getParameter('sysparm_assigned_to');
        var violations_id = this.getParameter('sysparm_violations_id');
        var violations = violations_id.split(',');
        var grViolationRecord = new GlideRecord('sn_risk_risk_violation');
        grViolationRecord.get(violations[0]);
        var grResponseTask = new GlideRecord('sn_risk_mitigation_task');
        grResponseTask.initialize();
        grResponseTask.risk = grViolationRecord.u_risk;
        grResponseTask.short_description = grViolationRecord.u_risk_response_task.short_description + ' (Reassigned)';
        grResponseTask.assigned_to = assignedTo; //grViolationRecord.u_risk_response_task.assigned_to;
        grResponseTask.insert();
        var grViolations = new GlideRecord('sn_risk_risk_violation');
        grViolations.addQuery('sys_id', 'IN', violations_id);
        grViolations.query();
        while (grViolations.next()) {
            grViolations.u_risk_response_task = grResponseTask.sys_id;
            grViolations.u_mitigating_control = '';
            grViolations.update();
        }
        return grResponseTask.sys_id;
    },
    addControl: function() {
        var task_id = this.getParameter('sysparm_risk_id');
        var grM2M = new GlideRecord('sn_risk_m2m_risk_mitigation_control');
        grM2M.addQuery('risk_mitigation', task_id);
        grM2M.query();
        while (grM2M.next()) {
            grM2M.deleteRecord();
        }
        var grViolations = new GlideRecord('sn_risk_risk_violation');
        grViolations.addQuery('u_risk_response_task', task_id);
        grViolations.query();
        while (grViolations.next()) {
            grViolations.u_state = 'vanished';
            grViolations.update();
        }
        return 'Done.';
    },
    type: 'RiskViolationUtils'
});
04-24-2024 08:58 AM - edited 04-24-2024 09:03 AM
Hello @Viktor17 ,
Suggestion: Create a new client-callable Script Include and, when saving the SI, give it a role such as sn_grc.business_user_lite and see. (The role must include all the end users who are going to perform the task.)
Below is the sample screenshot.
Please Mark My Answer as Helpful and Accept as Solution, if you find this article helpful or resolves your issue.
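Added example, not part of the original posts: once the execute ACL admits sn_grc.business_user_lite, the GlideAjax parameters arrive from a low-privilege session, and plain GlideRecord does not enforce table ACLs. These are checks a handler like changeTask could run before touching records; the function names, the `env` adapter and `MAX_IDS` are assumptions made for illustration.

```javascript
// Added example. Plain ES5 so the functions can be pasted into a scoped Script Include.
var SYS_ID = /^[0-9a-f]{32}$/; // ServiceNow sys_ids are 32 lowercase hex characters
var MAX_IDS = 50;              // assumed cap on rows touched per call

// Parse the comma-separated sysparm_violations_id value (from g_list.getChecked()).
// Returns a de-duplicated array of sys_ids, or null if any element is malformed.
function parseSysIdList(raw) {
    if (typeof raw !== 'string' || raw.length === 0) return null;
    var parts = raw.split(','), seen = {}, out = [];
    if (parts.length > MAX_IDS) return null;
    for (var i = 0; i < parts.length; i++) {
        if (!SYS_ID.test(parts[i])) return null;
        if (!seen[parts[i]]) { seen[parts[i]] = true; out.push(parts[i]); }
    }
    return out;
}

// Decide whether a changeTask request may proceed. `env` is a hypothetical adapter;
// on the platform its members would wrap:
//   env.hasRole(role)       -> gs.hasRole(role)
//   env.canCreate(table)    -> new GlideRecord(table).canCreate()
//   env.canWrite(table, id) -> GlideRecordSecure get(id) followed by canWrite()
function checkChangeTask(params, env) {
    if (!env.hasRole('sn_grc.business_user_lite')) {
        return { ok: false, reason: 'role' };
    }
    var ids = parseSysIdList(params.sysparm_violations_id);
    if (ids === null) return { ok: false, reason: 'violations_id' };
    if (!SYS_ID.test(String(params.sysparm_assigned_to))) {
        return { ok: false, reason: 'assigned_to' };
    }
    if (!env.canCreate('sn_risk_mitigation_task')) {
        return { ok: false, reason: 'create' };
    }
    // Every selected violation must be writable by the caller, not just the first one.
    for (var i = 0; i < ids.length; i++) {
        if (!env.canWrite('sn_risk_risk_violation', ids[i])) {
            return { ok: false, reason: 'write:' + ids[i] };
        }
    }
    return { ok: true, ids: ids, assignedTo: params.sysparm_assigned_to };
}
```

The same pattern applies to addControl, which deletes and updates rows for whatever sysparm_risk_id the caller sends.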
01-07-2025 01:25 PM
This has caused me more frustration than I'd like to admit. When the AJAX isn't working, this is a sneaky reason why.