"Restrict incident views based on the company assigned to the incident

rodrigo Soto · ‎03-26-2024

Hi everyone!

i need to

Restrict incident views based on the company assigned to the incident, and users within a group with that company will only be able to view those incidents.

i am doing it with a Business rule before query and this is my script:

(function executeRule(current, previous /*null when async*/) {

// Check if the 'current' object is defined and not null
if (current) {
// Get the current user
var user = gs.getUser();

// Get all groups associated with the user
var userGroups = user.getGroupRecord();

// Create an array to store the IDs of companies associated with the user's groups
var companyIds = [];

// Iterate through the user's groups
while (userGroups.next()) {
var group = userGroups.getRecord();
var companyId = group.getValue('company');
if (companyId) {
companyIds.push(companyId);
}
}

// Add a query to restrict incidents to those assigned to companies associated with the user's groups
if (companyIds.length > 0) {
current.addQuery('assignment_group.company', 'IN', companyIds);
} else {
// If the user has no groups associated with companies, they should not see any incidents
current.addQuery('number', '=', '0');
}
} else {
gs.error("The 'current' object is not defined or is null.");
}

})(current, previous);

Any ideas?

swathisarang98 · ‎03-26-2024

Hi @rodrigo Soto ,

You can create a view rule to change view based on condition,

System UI -> View Rule

Please mark this comment as Correct Answer/Helpful if it helped you.

Regards,

Swathi Sarang

rodrigo Soto · ‎03-27-2024

I dont really need a condition, i need that when any user log in, they can only see the incidents that are associated with the company that the group of the user is associated. i cant do it one by one, so I want to create a script that does that

M Ismail · ‎03-26-2024

Hi @rodrigo Soto,

Checkout this
https://docs.servicenow.com/bundle/washingtondc-platform-user-interface/page/administer/navigation-a...

Please hit helpful and accept this as a solution if it solved your problem.
Thank you!

Masoom_Patthan · ‎03-29-2024

There are several alternative methods to restrict incident views based on the company assigned to the incident in ServiceNow:

1. Access Control Rules (ACLs): Implement Access Control Rules on the incident table to manage access to records based on specific conditions, such as the company field. By configuring ACLs, you can ensure that users can only view incidents where their company matches the company assigned to the incident. This approach provides centralized control over access permissions.

2. Client Scripts or UI Policies: Utilize client scripts or UI policies to dynamically hide incidents based on the assigned company. These scripts can be applied to the incident form or list view to filter out records that do not match the user's company. While this method doesn't restrict database-level access, it offers a user-friendly way to customize the visibility of incidents.

3. Business Rules (onLoad): Instead of restricting access through queries, employ Business Rules on the incident form (onLoad) to verify if the incident's company aligns with the user's company. If not, you can implement actions such as redirecting the user or displaying a message indicating restricted access. This approach offers flexibility in managing incident visibility based on dynamic conditions.

4. Record Producers: Configure record producers to automatically set the company field based on the user's company when creating incidents. This ensures that incidents are consistently assigned to the correct company, thereby restricting access to users associated with that company. By leveraging record producers, you can enforce data integrity and streamline incident creation processes.

Consider the specific requirements, security policies, and user experience considerations of your organization when selecting the most suitable approach. Ensure compliance with security and data privacy policies while implementing any chosen solution.

Regards,
Masoom