Query BR to restrict ritm of specific catalog item for non assignment group members

rambo1

Hi Team ,

 

I would like to hide RITMs of a specific catalog item from any user who is neither a member of the RITM's assignment group nor a member of the group named 'x'.


Omkar Mone

Why are you looking for a Query BR? You can go with an ACL.

 

Write a read ACL on sc_req_item and put the code that checks the assignment group in the ACL's script box.

It's mandatory to provide a role in the ACL, and I don't have any role to give in the ACL. A query BR is recommended because OOTB ACLs might provide access.

You could have something like this - 

 

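// Before-query business rule on sc_req_item: narrow the query with the encoded
// query string that getValidRITMs() returns. addEncodedQuery() is the
// GlideRecord method intended for encoded-query strings.
// NOTE(review): a query rule only filters results; where the records must be
// protected, pair it with a read ACL on sc_req_item.
current.addEncodedQuery(new RITMRestrictionHelper().getValidRITMs(current));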
 
Script include - 
 
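/**
 * Script include that builds the encoded query used by a before-query business
 * rule on sc_req_item.
 *
 * Rule implemented: RITMs of one restricted catalog item are returned only to
 * users who belong to the RITM's assignment group or to group 'x'. RITMs of
 * every other catalog item are left unfiltered.
 */
var RITMRestrictionHelper = Class.create();
RITMRestrictionHelper.prototype = {
    initialize: function() {},

    /**
     * Returns the encoded query to add to the sc_req_item query for the
     * logged-in user.
     *
     * @param {GlideRecord} current - the sc_req_item query being built. It is
     *     not read: in a before-query rule it is the query, not a row, so
     *     fields such as assignment_group hold no value yet.
     * @returns {string} a non-empty encoded query; 'sys_id=-1' (no rows) when
     *     the helper is not configured.
     */
    getValidRITMs: function(current) {
        var NO_ACCESS = 'sys_id=-1';
        var NO_RESTRICTION = 'sys_idISNOTEMPTY'; // matches every record
        var SYS_ID_PATTERN = /^[0-9a-f]{32}$/;

        var restrictedItemId = 'sys_id'; // Replace with the Sys ID of the restricted catalog item
        var groupXId = 'sys_id'; // Replace with the Sys ID of group 'x'

        // Fail closed: an unreplaced placeholder would otherwise build a query
        // that silently filters nothing.
        if (!SYS_ID_PATTERN.test(restrictedItemId) || !SYS_ID_PATTERN.test(groupXId)) {
            gs.error("RITMRestrictionHelper: catalog item or group sys_id is not configured, restricting access.");
            return NO_ACCESS;
        }

        // Collect every group of the logged-in user in one query. getValue()
        // returns a string copy; pushing the GlideElement itself would leave
        // every array entry pointing at the record the cursor is on.
        var userGroupIds = [];
        var grGroupMember = new GlideRecord('sys_user_grmember');
        grGroupMember.addQuery('user', gs.getUserID());
        grGroupMember.query();
        while (grGroupMember.next()) {
            var groupId = grGroupMember.getValue('group');
            if (groupId) {
                userGroupIds.push(groupId);
            }
        }

        // Members of group 'x' may see every RITM of the restricted item.
        if (userGroupIds.indexOf(groupXId) !== -1) {
            return NO_RESTRICTION;
        }

        // Everyone else: RITMs of other catalog items, plus RITMs assigned to
        // one of the user's own groups. The condition is evaluated by the
        // database, so no RITM list is built or logged on each query.
        var otherItemsOnly = 'cat_item!=' + restrictedItemId;
        if (userGroupIds.length === 0) {
            return otherItemsOnly;
        }
        return otherItemsOnly + '^ORassignment_groupIN' + userGroupIds.join(',');
    },

    type: 'RITMRestrictionHelper'
};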

 

You might need to tweak it a bit to get the outcome you want, as I had tried it on my PDI for incident.