Query BR v/s ACL

vinuth v
Tera Expert

Hi All,

Scenario: 1. Logged in user can only see the incident record which is assigned to a specific group and he should be a member of that group too.

2. Logged in user can only see the incident which is assigned to him.

 

I tried with the Query BR and it is working fine,

(function executeRule(current, previous /*null when async*/) {

    // Group members: restrict the query to incidents in the group that are assigned to the current user
    if (gs.getUser().isMemberOf("8a5055c9c61122780043563ef53438e3")) {
        current.addQuery("assignment_group", "8a5055c9c61122780043563ef53438e3");
        current.addQuery("assigned_to", gs.getUserID());
    } else {
        // Non-members: no filter is added
        return;
    }
})(current, previous);
 
I need to do the same thing using an ACL.
I am confused about which operation to select. Can anyone help me implement the above scenario in an ACL?
 
Thanks in Advance,
Vinuth

ShubhamGarg
Kilo Sage

Hello @vinuth v ,

You can create a new ACL of type 'Record' with Operation 'Read' and Advanced = true (to define script logic).

In the script, write the above logic and store its return value in 'answer' so that the ACL works and returns the appropriate result.

 

// The user must be a member of the group and the record must be assigned to them
if (gs.getUser().isMemberOf("8a5055c9c61122780043563ef53438e3") && current.assigned_to == gs.getUserID()) {
    answer = true;
} else {
    answer = false;
}

 

If my response helps you in any way, kindly mark this as Accepted Solution/Helpful and help in closing this thread.

Regards,

Shubham
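
The per-record check a read ACL script performs, next to the query filter from the question's Query BR, as an added example that is not part of any reply in this thread. The `gs` object and the incident rows are constructed stand-ins so it runs outside a ServiceNow instance, and the helper names are hypothetical.

```javascript
// Added illustration: mock stand-ins for ServiceNow's gs and record objects,
// so the decision logic can be run outside an instance.
const GROUP_ID = '8a5055c9c61122780043563ef53438e3'; // group sys_id from the thread

// Constructed stand-in for gs: only the two calls the thread's scripts use.
function mockGs(userId, groupIds) {
  return {
    getUserID: () => userId,
    getUser: () => ({ isMemberOf: (g) => groupIds.includes(g) }),
  };
}

// Read ACL style: evaluated once per record, yields the value for `answer`.
function readAclAnswer(gs, current) {
  return gs.getUser().isMemberOf(GROUP_ID) &&
    String(current.assignment_group) === GROUP_ID &&
    String(current.assigned_to) === gs.getUserID();
}

// Query BR style: returns the filters added to the query before it runs.
// Non-members get no filter, as in the question's script (they see everything).
function queryBrFilters(gs) {
  if (!gs.getUser().isMemberOf(GROUP_ID)) return [];
  return [['assignment_group', GROUP_ID], ['assigned_to', gs.getUserID()]];
}

// Constructed sample incidents.
const incidents = [
  { number: 'INC001', assignment_group: GROUP_ID, assigned_to: 'u1' },
  { number: 'INC002', assignment_group: GROUP_ID, assigned_to: 'u2' },
  { number: 'INC003', assignment_group: 'other_group', assigned_to: 'u1' },
];

function visibleViaAcl(gs) {
  return incidents.filter((r) => readAclAnswer(gs, r)).map((r) => r.number);
}

function visibleViaQueryBr(gs) {
  const filters = queryBrFilters(gs);
  return incidents
    .filter((r) => filters.every(([field, value]) => r[field] === value))
    .map((r) => r.number);
}

const member = mockGs('u1', [GROUP_ID]);
const outsider = mockGs('u3', []);
console.log(visibleViaAcl(member), visibleViaQueryBr(member));
console.log(visibleViaAcl(outsider), visibleViaQueryBr(outsider));
```

For a user outside the group, the ACL-style check hides every record, while the question's Query BR adds no filter and leaves all three sample rows visible.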

 

Sid_Takali
Kilo Patron

Hi @vinuth v, try the script below.

 

(function executeRule(current, previous /*null when async*/) {

    var user = gs.getUser();
    var groupId = '8a5055c9c61122780043563ef53438e3';
    var userId = gs.getUserID();

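    if (user.isMemberOf(groupId)) {
        // Group members: only incidents in the group that are assigned to the current user
        current.addQuery('assignment_group', groupId);
        current.addQuery('assigned_to', userId);
    } else {
        // Non-members: an empty sys_id matches no record, so the query returns nothing
        current.addQuery('sys_id', '');
    }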
})(current, previous);

 

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0859355 

HIROSHI SATOH
Mega Sage

Scenario 1: Logged-in user can only see the incident record which is assigned to a specific group and he should be a member of that group too.

ACL Configuration:

  1. Table: Incident
  2. Operation: Read
  3. Condition:
    • assignment_group == gs.getUser().getGroup() && gs.getUser().isMember(assignment_group)

Explanation:

  • The assignment_group == gs.getUser().getGroup() condition ensures that the incident is assigned to the user's group.
  • The gs.getUser().isMember(assignment_group) condition verifies that the user is a member of the assigned group.

Scenario 2: Logged-in user can only see the incident which is assigned to him.

ACL Configuration:

  1. Table: Incident
  2. Operation: Read
  3. Condition:
    • assigned_to == gs.getUserID()

Explanation:

  • The assigned_to == gs.getUserID() condition checks if the incident is assigned to the current user.

Additional Considerations:

  • ACL Inheritance: If you have a parent ACL that grants read access to the Incident table, you might need to adjust the conditions in the child ACLs to ensure that the desired restrictions are applied.
  • ACL Order: The order of ACLs can affect their behavior. Ensure that the ACLs you create are applied in the correct order to achieve the desired results.
  • Testing: Thoroughly test your ACL configurations to verify that they are working as expected.

I hope this helps!