Query business rule is not allowing the "requested for" to see catalog task

Rhonda9 · ‎05-24-2025

Hello,

I am trying to add an additional condition to my query business rule that will restrict the catalog only users with the pso_info_security role, It is restricting to the role and opened by but not when I add "requested_for" into the business rule. When I add the requested for, the restriction no longer works. What am I doing wrong? I removed the extra condition. Please help.

(function executeRule(current, previous ) {

if(!gs.hasRole("pso_info_security")) { //the user is not a member of pso_fraud or information security or an admin

var userID=gs.getUserID();

var itemID='448d32c91bdda214d058c992604bcb28';

var encodedQuery="request_item.cat_item !="+ itemID + "^ORrequest_item.opened_by=" +userID;

current.addEncodedQuery(encodedQuery);

}

})(current, previous);

Ankur Bawiskar · ‎05-26-2025

@Rhonda9

try this

(function executeRule(current, previous) {
    // If the user does NOT have the pso_info_security role
    if (!gs.hasRole("pso_info_security")) {
        var userID = gs.getUserID();
        var itemID = '448d32c91bdda214d058c992604bcb28';

        // Only allow if the user is opened_by or requested_for
        // Block the item for others
        var encodedQuery = "request_item.cat_item!=" + itemID +
                           "^ORrequest_item.opened_by=" + userID +
                           "^ORrequest_item.requested_for=" + userID;

        current.addEncodedQuery(encodedQuery);
    }
})(current, previous);

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader

View solution in original post

Robert H · ‎05-24-2025

Hello @Rhonda9 ,

There seems to be a logical issue in your encoded query.

I believe your requirement is to let users only see a Catalog Task when the following is true:

the task does not belong to a request for the specific Catalog Item referenced in "itemID"
AND
the current user is either the Opened by OR Requested for user of the request

But right now your query is using an OR instead of the AND. This means that the user will see all tasks that are not related to the "itemID" Catalog Item because if this condition is satisfied then the other parts of the query are not even evaluated.

So please update your script as follows:

...
var encodedQuery = gs.getMessage(
    'request_item.cat_item!={0}^request_item.opened_by={1}^ORrequest_item.requested_for={1}', 
    [itemID, userID]);

current.addEncodedQuery(encodedQuery);
...

Or you can also write like this, which I believe is easier to read:

current.addQuery('request_item.cat_item', '!=', itemID);
current.addQuery('request_item.opened_by', userID)
    .addOrCondition('request_item.requested_for', userID);

Regards,

Robert

Rhonda9 · ‎05-26-2025

Hi Robert, I tried adding the script you provided into my business rule and the restriction no longer works. What I am trying to do is restrict the catalog tasks to only allow users with the pso_info_security role along with the requested for and opened by to be able to see the catalog requests.

Robert H · ‎05-26-2025

Hello @Rhonda9 ,

Yes, that part I understood. But there's still the matter of that specific Catalog Item referenced in "itemID". Who shall be able to see the tasks related to this item? Only the "pso_info_security" users, or everyone? The solution I provided assumes the former.

Regards,

Robert

Rhonda9 · ‎05-26-2025

The pso_info_security users, requested for and the opened by should see the task.