Restrict Access by Group
07-03-2019 07:12 AM
Hi Community,
I have a requirement to restrict access to table records based on the user's group.
We have 6 groups as follows:
Group 1 - Based offsite - restrict access to only tickets where the user(s) is a member of Group 1 and is present in one or more of the following fields: "requester", "behalf of" or contained in the "assigned to" list.
Group 2 - Based in Australia - restrict access to only tickets where the user(s) is a member of Group 2 and is present in one or more of the following fields: "requester", "behalf of" or contained in the "assigned to" list. PLUS Group 1 tickets.
Group 3/4/5/6 - Based in London - restrict access to only tickets where the user(s) is a member of either Group 3/4/5/6 and is present in one or more of the following fields: "requester", "behalf of" or contained in the "assigned to" list. PLUS Group 1 tickets.
In summary:
Offsite can only access their tickets.
Australia can access their tickets, plus offsite tickets.
London can access their tickets, plus offsite tickets.
What would be the best approach: using the groups, or user locations? Business Rules or ACLs?
Labels: Scripting and Coding
07-03-2019 07:55 AM
How about a query business rule?
Please mark my response as correct and helpful if it helped solve your question.
-Thanks
07-09-2019 02:42 AM
Hi Prateek,
I have looked at this post and am struggling to make this work, as it relies on an assignment group field. The table I am working on does not have a reference to a group field.
I need to restrict by the logged-in user's groups.
For example, if the logged-in user is a member of Group 1 and Group 2, display all tickets where the users who are contained in any of the following fields are also members of Group 1 and Group 2:
u_requester
u_on_behalf_of
u_assigned_users
Is this achievable?
Many Thanks
Nat
07-09-2019 03:53 AM
Hi,
Yes, it can still be done, as long as you use the target table's fields in the query in your script.
Sample script:
    // Before-query business rule: `current` is the query being built.
    if (gs.getUser().isMemberOf('Group 1')) {
        current.addQuery('u_requester', gs.getUserID());
    }
    if (gs.getUser().isMemberOf('Group 2')) {
        current.addQuery('u_on_behalf_of', gs.getUserID());
    }
Mark Correct if this solves your issue and also mark Helpful if you find my response worthy based on the impact.
Thanks
Ankur
07-09-2019 04:40 AM
Requirements seem to be identical for the groups, therefore a scripted ACL could work.
For example:
    // Scripted ACL: set `answer` to grant or deny access to the current record.
    if (gs.getUser().isMemberOf(current.assignment_group) &&
        (gs.getUserID() == current.requester || gs.getUserID() == current.u_behalf_of /* || ... */))
        answer = true;
    else
        answer = false;
Then please maintain group membership for example like this:
Group 1 - all users in scope
Group 2 - Australia users
Group 3/4/5/6 - London users
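
The visibility rule from the question, as an added example that is not part of any post in this thread: a plain JavaScript model that runs outside ServiceNow (no `gs` or `GlideRecord`), for checking the decision logic before it is written as an ACL or query business rule. It assumes that a ticket is readable when at least one user named on it belongs to a group the viewer may read, that the London groups share visibility, and that `u_assigned_users` holds comma-separated user ids; the user ids and tickets are constructed.

```javascript
// Added example: plain JavaScript model of the rule, not ServiceNow API code.
// Group and field names come from the thread; users and tickets are constructed.
const LONDON = ['Group 3', 'Group 4', 'Group 5', 'Group 6'];

// Groups whose tickets each group may read: its own, plus Group 1 (offsite).
// Assumption: the four London groups share visibility with each other.
const VISIBLE = { 'Group 1': ['Group 1'], 'Group 2': ['Group 2', 'Group 1'] };
for (const g of LONDON) VISIBLE[g] = [...LONDON, 'Group 1'];

// Users named on a ticket. Assumption: u_assigned_users is a list field
// holding comma-separated user ids; the other two fields hold a single id.
function peopleOn(ticket) {
  const assigned = (ticket.u_assigned_users || '').split(',');
  return [ticket.u_requester, ticket.u_on_behalf_of, ...assigned]
    .map((id) => (id || '').trim())
    .filter(Boolean);
}

// Union of readable groups over every group the viewer belongs to.
function readableGroups(viewerId, membership) {
  const allowed = new Set();
  for (const g of membership[viewerId] || []) {
    for (const v of VISIBLE[g] || []) allowed.add(v);
  }
  return allowed;
}

// True when someone named on the ticket belongs to a group the viewer may read.
// Viewers with no listed group, and tickets naming nobody, are denied.
function canRead(viewerId, ticket, membership) {
  const allowed = readableGroups(viewerId, membership);
  return peopleOn(ticket).some((id) =>
    (membership[id] || []).some((g) => allowed.has(g)));
}

// Constructed sample data.
const membership = { off1: ['Group 1'], aus1: ['Group 2'], lon1: ['Group 3'],
                     lon2: ['Group 5'], guest: [] };
const tickets = [
  { id: 'T1', u_requester: 'off1', u_on_behalf_of: '', u_assigned_users: '' },
  { id: 'T2', u_requester: 'aus1', u_on_behalf_of: '', u_assigned_users: 'aus1' },
  { id: 'T3', u_requester: 'lon2', u_on_behalf_of: '', u_assigned_users: 'lon1, lon2' },
  { id: 'T4', u_requester: 'guest', u_on_behalf_of: '', u_assigned_users: '' },
  { id: 'T5', u_requester: 'aus1', u_on_behalf_of: '', u_assigned_users: 'off1' },
];

function visibleTo(viewerId) {
  return tickets.filter((t) => canRead(viewerId, t, membership)).map((t) => t.id);
}
for (const u of Object.keys(membership)) console.log(u, visibleTo(u));
```

Ticket T5 shows the consequence of the "at least one named user" reading: an Australia-raised ticket becomes readable offsite and in London once a Group 1 member is added to the assigned list.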