Planned start /end date should be editable for admin and Group A in all states

Anupriya_11 · 3 weeks ago

Hi Team ,

I have a requirement where the Planned Start Date and Planned End Date should be editable in all states for Admin users and members of Group A . For users who are not part of Group A, these fields should be editable only when the record is in the New state on On change form ,.

Could someone please assist with how to achieve this

Thank you

GlideFather · 3 weeks ago

Enjoy Vegas @Dr Atul G- LNG!

No, I have read it correctly and you actually said that:

"You would need to write a Business Rule (BR) that checks or adds the ACL."

So instead of assessing my reading skills, could you possibly explain how can a BR check or add ACL? :))

_____
Answers generated by GlideFather. Check for accuracy.

Tanushree Maiti · 3 weeks ago

Hi @Anupriya_11

Option1: a. Create a Write ACL on Planned Start Date[start_date]

Navigate to System Security > Access Control (ACL) and click New.
Operation: write
Name:change_request and select Planned Start Date[start_date] from the field dropdown.

ACL Script:

answer = checkEditable();

function checkEditable() {
       if (gs.hasRole('admin')) 
{
        return true;
    }    
if (gs.getUser().isMemberOf('Group A')) { // Replace 'Group A' with group's Sys ID
        return true;
    }

      if (current.state == -5)  //assuming -5 is new state
{
        return true;
    }

    return false;
}

b. Repeat the process for i.e Create a Write ACL on Planned End Date[end_date]

Option2: Using UI policy ,Ui policy action and ui policy script - it can be done.

Option3 .

a.Create a Display Business rule to check if the user is in Group A or has the Admin role

Sample code:

(function executeRule(current, previous /*null when async*/) {

g_scratchpad.isGroupA = gs.getUser().isMemberOf('Group A') || gs.hasRole('admin');

})(current, previous);

b. Using scratchpad variable to determine if the fields should be locked . Write a onLoad Client script

function onLoad() {

if (g_scratchpad.isGroupA)

{

return;

}

var state = g_form.getValue('state');

if (state != '-5') { // '-5' is the OOB 'New' state

g_form.setReadOnly('start_date', true);

g_form.setReadOnly('end_date', true);

}

Please mark this response as Helpful & Accept it as solution if it assisted you with your question.
Regards
Tanushree Maiti
ServiceNow Technical Architect
Linkedin:

ChallaR · 3 weeks ago

HI @Anupriya_11 ,

please find the below recommended script -

Business Rule (Before Update)

When: before update
Condition: leave empty (handled in script)

(function executeRule(current, previous /*null when async*/) {

    var isAdmin = gs.hasRole('admin');
    var isGroupA = gs.getUser().isMemberOf('Group A');

    // If user is NOT admin and NOT in Group A
    if (!(isAdmin || isGroupA)) {

        // Allow editing only when state is New
        if (current.state != 'new') {

            if (current.planned_start_date.changes() || current.planned_end_date.changes()) {
                gs.addErrorMessage('You can edit Planned Start Date and End Date only in New state.');
                current.setAbortAction(true);
            }

        }
    }

})(current, previous);

NOTE -
Make sure "Group A" is the exact group name
Confirm that 'new' is the actual state value (sometimes it might be 1 instead of 'new' depending on your setup)

Thanks,

Rithika.ch

GlideFather · 3 weeks ago

Hi @ChallaR,

may I ask you why do you recommend an approach with BR? your business rule has no conditions so it will triggered ALWAYS! How that can be recommended script? By whom?

Your code has a condition

if (current.planned_start_date.changes() || current.planned_end_date.changes()) {

but it is after it was already triggered. Wouldn't it be better to make the BR's condition to be executed only if one of the 2 fields changes? This would trigger your BR for every record change to evaluate false, it is better not to trigger it if not possible.

Not only that, also your BR will abort the operation so the user spends time on updating a record and then after submission it will not be saved, it will lead to confusions and eventual data loss as the record will not be saved and end user might not notice.

Wouldn't it be better to apply ACL and if the user is not allowed to update a field, then it will be directly read-only with no confusion and directly when loaded? Instead of finding that they are missing rights after time spent on it for nothing?

This question comes with good intentions, I am trying to understand this approach, can you explain your motivations?

Thanks!

EDIT:

Also wondering about the notes in the end:

Make sure "Group A" is the exact group name
- GF: that shall be handled by sys ID, no?
Confirm that 'new' is the actual state value (sometimes it might be 1 instead of 'new' depending on your setup)
- GF: be careful about the state value

_____
Answers generated by GlideFather. Check for accuracy.

GlideFather · 3 weeks ago

@ChallaR, any chance to discuss your approach?

_____
Answers generated by GlideFather. Check for accuracy.