Requirement to allow members of a specific group to edit a closed record

pj13
Tera Contributor

Hi,

 

I have a requirement to allow members of a specific group to edit fields on a closed record. By default fields are set to readonly on closed.


I've tried doing the display BR + onLoad Client Script, scripting a UI Policy, and ACLs, but nothing is working, so I'm not sure what to do or what I'm doing wrong.

 

Seems like this should be pretty straightforward.


Jason Nichols
ServiceNow Employee

Hi pj,

When working with security rules, the first thing you have to do is make an assessment of what you already have. This will tell you whether you need to modify an existing access control rule, or create a new one.

You will probably find there is an existing write ACL for selected roles, with the condition where the State is not closed. Depending on who needs to be given write access, perhaps it is this access control that needs modifying.

If indeed you need a new access control, then this is straightforward, as you note: a new write ACL, for the entire table, with a selected role as the condition.

If you're getting stuck, you can try debugging your security rules:

ACL debugging tools (ServiceNow documentation)

Hey @Jason Nichols 

Thanks for your reply. So there definitely are ACLs existing on this table and field. I'm running this based off group membership, not role assignment, so I want users that are members of GroupA to be able to edit this field on a closed record. I do not want users with 'itil' to be able to edit though - itil is a role assigned to GroupA.

 

I hope this clarifies: while itil may be a part of GroupA, only members of the group can edit. Users with itil should still see the form read-only unless they are members.

Yousaf
Giga Sage

Hi pj,

I tried this solution and it was working; let's see if it works for you:
Create a Write ACL on incident (incident.*)
Script:
// Grant write access only to members of the "Hardware" group
var answer = gs.getUser().isMemberOf("Hardware");

Then make this UI Policy "Make fields read-only on close" false.

Mark Correct or Helpful if it helps.

Thanks,

Yousaf



pj13
Tera Contributor

Hi @Yousaf I applied this but unfortunately it did not work. Maybe as @Jason Nichols this should work in tandem with a UI Policy

Jason Nichols
ServiceNow Employee

Hi pj,

This requirement for the incident table needs a bit of thought. OOTB, only admins have write access to closed incidents (look at the current .None ACLs for write). (I believe you would need at a minimum a new ACL at the .None level, not .*) But as Yousaf points out, there is a UI Policy to mark fields as read-only, and this also applies to admins.

So you are looking at modifying/creating ACLs and UI Policies in a way to satisfy the requirement, but without disrupting the behavior for other users.
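
The group-membership decision discussed in this thread, as an added example that is not part of any post above and is not ServiceNow's own code. It assumes the group name "GroupA" from the thread and a Closed state value of 7; the `mockGs` helper is a hypothetical stand-in for the `gs` global so the logic can be exercised outside an instance.

```javascript
// Added example: logic for an extra write ACL script, wrapped in a function.
// In a real ACL script the body would assign the result to `answer`.
var CLOSED_STATE = '7';       // assumption: "Closed" state value on the table
var EDITOR_GROUP = 'GroupA';  // group named in the thread

function canWriteClosedRecord(gs, current) {
    // This ACL only ever ADDS access for closed records. For any other
    // state it returns false, so the table's existing write ACLs (the user
    // needs to pass just one matching ACL) keep deciding as before.
    if (String(current.state) !== CLOSED_STATE) {
        return false;
    }
    // Test group membership directly. Checking the 'itil' role instead would
    // also admit every itil user who is not in the group.
    return gs.getUser().isMemberOf(EDITOR_GROUP) === true;
}

// Hypothetical stand-in for the `gs` global (constructed for this example).
function mockGs(roles, groups) {
    return {
        getUser: function () {
            return {
                hasRole: function (r) { return roles.indexOf(r) !== -1; },
                isMemberOf: function (g) { return groups.indexOf(g) !== -1; }
            };
        }
    };
}

// Constructed test matrix covering the cases raised in the thread.
function accessMatrix() {
    var closed = { state: '7' };
    var open = { state: '2' };
    return {
        memberClosed: canWriteClosedRecord(mockGs(['itil'], ['GroupA']), closed),
        itilOnlyClosed: canWriteClosedRecord(mockGs(['itil'], []), closed),
        otherGroupClosed: canWriteClosedRecord(mockGs(['itil'], ['Hardware']), closed),
        memberOpen: canWriteClosedRecord(mockGs(['itil'], ['GroupA']), open)
    };
}
```

The ACL is the server-side control; the UI Policy only changes how the form renders, so relaxing it for the group does not by itself grant or deny write access.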