Restrict Access to Group member using ACL

MelwinA
Tera Contributor

‎07-06-2025 09:35 AM

I have requirement to restrict access to user if user is member of particular group.
When user is member of particular group, user should see case which is assigned to two groups. For that I wrote below script, but it is not working as expected.
I am using Deny Unless Read ACL for "sn_hr_core_case" table.

if (gs.getUser().isMemberOf('Talent Acquisition Coordination Representative  India') && !gs.getUser().isMemberOf('Talent Acquisition Coordination Representative Manila')) {

            if (current.assignment_group == talentAcqspecialistIndia ||  current.assignment_group == talentAcqIndia) {
                answer = true;
            } else {
                answer = false;
            }
		}else
		{
			answer = true;
		}

The issue here, logged in user is able to see case assigned to the first group in if loop (

talentAcqspecialistIndia). second group after Or condition(
talentAcqIndia) is not working.

 

0 Helpfuls
  • 948 Views
6 REPLIES 6

SD_Chandan
Kilo Sage

‎07-06-2025 09:55 AM - edited ‎07-06-2025 10:14 AM

Hi @MelwinA ,

Your script likely failed because talentAcqspecialistIndia and talentAcqIndia were not defined as sys_id strings or properly initialized.

you can try this approach is your ok with putting sys id of group  :

var talentAcqspecialistIndia = new GlideRecord('sys_user_group');
talentAcqspecialistIndia.get('sys_id_of_group_1'); 

var talentAcqIndia = new GlideRecord('sys_user_group');
talentAcqIndia.get('sys_id_of_group_2'); 

if (gs.getUser().isMemberOf('Talent Acquisition Coordination Representative India') &&
!gs.getUser().isMemberOf('Talent Acquisition Coordination Representative Manila')) {

if (current.assignment_group == talentAcqspecialistIndia.sys_id || current.assignment_group == talentAcqIndia.sys_id) {
answer = true;
} else {
answer = false;
}
} else {
answer = true;
}


Thank you
Chandan
0 Helpfuls

Chaitanya ILCR
Mega Patron

‎07-06-2025 09:57 AM

Hi @MelwinA ,

check if there is any query BR or any other ACL blocking the access

 

try the Access analyzer take a sample case that's assigned to group with which it's not working (talentAcqIndia)

 

refer this video on how to use it

https://www.youtube.com/watch?v=1x62ZwWb8Ao

 

I don't see value assignments for variables talentAcqspecialistIndia and talentAcqIndia (do you have values set in the script?)

 

Please mark my answer as helpful/correct if it resolves your query.

Regards,
Chaitanya

Access Analyzer in ServiceNow | A Vancouver Feature
Access Analyzer in ServiceNow | A Vancouver Feature
youtube.com/watch?v=1x62ZwWb8Ao
If you find these tutorials helpful and want to support the channel, consider buying me a coffee: https://www.buymeacoffee.com/saaswnow. Your support goes a long way in creating more high-quality, useful content!" Today, we're diving deep into a feature of ServiceNow introduced in the Vancouver ...
0 Helpfuls

MelwinA
Tera Contributor
In response to Chaitanya ILCR

‎07-06-2025 10:37 AM

Hi @Chaitanya ILCR 

I have check with Access analyzer. User do not have access to second group in if loop. And there is no any query business rule exist for this group.

0 Helpfuls

MelwinA
Tera Contributor

‎07-06-2025 10:14 AM

@SD_Chandan  I have stored sys in the Property. There is no issue with sys Id. It seems issue with If loop after the Or condition. First condition in the if loop is working fine. after the OR condition it is not working. I have tried interchange the Syis ID in the if loop. Against first condition is working fine. 

 

0 Helpfuls