Required permissions for server script includes ?

JG6
Kilo Guru

Hello Community,

I've got a script include which is called from a client ui script. Which is called in a catalog item. All put into a scoped application. 

The problem is that this only works when the current user has the role admin or snc_internal. Which in my case is too much privileges for the users it is destined for. The server include script is set to be accessible from all application scopes.

My question is if there are fine-grained roles which can be used instead ?

Thx !

 

1 ACCEPTED SOLUTION

It works, but I had to get the roles from somewhere else.

isPublic: function(){
  return gs.getUser().roles.indexOf('role name') > -1;
}

View solution in original post

7 REPLIES 7

Harsh Vardhan
Giga Patron

include the below function  in script include.

isPublic:function(){return true; },

 

Reference:

 

https://docs.servicenow.com/bundle/paris-platform-administration/page/administer/security/reference/...

This solution works. However, I'd like some control over who actually is able to use this script. Because it's sensitive stuff. 

you can include one if else condition .

Sample Code:

 

isPublic:function(){
		if(gs.getSession().getRoles().indexOf('role_name') >-1)
			return true;	
		else
			return false; 
	},

 

Or 

Create one properties and set bunch of roles using comma separated based on your need.

Now call the properties inside script include function to check if logged in user has one of those role or not, check this part in if block , if user has those role then let them go inside script else return false.

 

 

 

It works, but I had to get the roles from somewhere else.

isPublic: function(){
  return gs.getUser().roles.indexOf('role name') > -1;
}