- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Monday
Hi All,
I have a requirement only opened by should able to see the Req and RITM not other even requested for should not able to see the request for particular catalog item.
I tried restricted via ACL and Query BR but still requested for and other ITIL users able to see the RITM and REQ.
Please guide me which is the best approach.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Monday
you can enhance that
something like this
(function executeRule(current, previous /*null when async*/ ) {
if (!gs.getSession().isInteractive() || gs.hasRole('admin')) {
return;
}
var catItemId = 'PUT_CATALOG_ITEM_SYS_ID_HERE';
var allowedGroupId = 'PUT_GROUP_SYS_ID_HERE';
var userId = gs.getUserID();
// If user is in the allowed group, allow full access to this catalog item's RITMs
if (gs.getUser().isMemberOf(allowedGroupId)) {
return;
}
// For the restricted catalog item:
// show only records where request.opened_by is current user
// all other catalog items remain visible as usual
current.addEncodedQuery(
'cat_item!=' + catItemId +
'^NQcat_item=' + catItemId + '^request.opened_by=' + userId
);
})(current, previous);💡 If my response helped, please mark it as correct ✅ and close the thread 🔒— this helps future readers find the solution faster! 🙏
Ankur
✨ Certified Technical Architect || ✨ 10x ServiceNow MVP || ✨ ServiceNow Community Leader
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Tuesday
share that BR of REQ
Ankur
✨ Certified Technical Architect || ✨ 10x ServiceNow MVP || ✨ ServiceNow Community Leader
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Tuesday
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Tuesday
so what debugging did you do?
Ankur
✨ Certified Technical Architect || ✨ 10x ServiceNow MVP || ✨ ServiceNow Community Leader
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Tuesday
(function executeRule(current, previous /*null when async*/ ) {
var restrictegrp = 'sys_id';
if (!gs.getSession().isInteractive() || gs.hasRole('admin') || gs.getUser().isMemberOf(restrictegrp)) {
return;
}
var userId = gs.getUserID();
var restrictedItemSysId = 'sys_id';
var ritmGr = new GlideRecord('sc_req_item');
ritmGr.addQuery('cat_item', restrictedItemSysId);
ritmGr.addQuery('opened_by', '!=', userId);
ritmGr.query();
var hiddenReqIds = [];
while (ritmGr.next()) {
gs.info('Found RITM: ' + ritmGr.sys_id + ' request: ' + ritmGr.request);
if (ritmGr.request) {
hiddenReqIds.push(ritmGr.request.toString());
}
}
if (hiddenReqIds.length > 0) {
gs.info('Hiding requests: ' + hiddenReqIds.join(','));
current.addQuery('sys_id', 'NOT IN', hiddenReqIds.join(','));
} else {
gs.info('No restricted RITMs found for user ' + userId);
}
})(current, previous);
It is going to else loop no restricted RITM found.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Monday
Hi @s_nandhini
- Navigate to Access Control (ACL) by your security_admin priviledge.
- Create a new ACL:
- Type: Record
- Operation: Read
- Name: sc_req_item
- Script
var yourCatItem = 'SYS_ID_OF_YOUR_ITEM'; // Replace with actual Sys ID if (current.cat_item == yourCatItem) { answer = (gs.getUserID() == current.opened_by || gs.hasRole('admin')); } else { answer = true; }
Create same kind of ACL in Request table and try.
