Restrict Access to Group member using ACL

MelwinA
Tera Contributor

I have a requirement to restrict access for a user if the user is a member of a particular group.
When the user is a member of a particular group, the user should see cases which are assigned to two groups. For that I wrote the script below, but it is not working as expected.
I am using a Deny Unless Read ACL for the "sn_hr_core_case" table.

if (gs.getUser().isMemberOf('Talent Acquisition Coordination Representative  India') && !gs.getUser().isMemberOf('Talent Acquisition Coordination Representative Manila')) {
    if (current.assignment_group == talentAcqspecialistIndia || current.assignment_group == talentAcqIndia) {
        answer = true;
    } else {
        answer = false;
    }
} else {
    answer = true;
}

The issue here is that the logged-in user is able to see cases assigned to the first group in the if loop (talentAcqspecialistIndia). The second group, after the OR condition (talentAcqIndia), is not working.

 


SD_Chandan
Kilo Sage

Hi @MelwinA ,

Your script likely failed because talentAcqspecialistIndia and talentAcqIndia were not defined as sys_id strings or properly initialized.

You can try this approach if you're OK with putting the sys_id of the group:

var talentAcqspecialistIndia = new GlideRecord('sys_user_group');
talentAcqspecialistIndia.get('sys_id_of_group_1');

var talentAcqIndia = new GlideRecord('sys_user_group');
talentAcqIndia.get('sys_id_of_group_2');

if (gs.getUser().isMemberOf('Talent Acquisition Coordination Representative India') &&
    !gs.getUser().isMemberOf('Talent Acquisition Coordination Representative Manila')) {
    if (current.assignment_group == talentAcqspecialistIndia.sys_id || current.assignment_group == talentAcqIndia.sys_id) {
        answer = true;
    } else {
        answer = false;
    }
} else {
    answer = true;
}


Thank you
Chandan

Chaitanya ILCR
Kilo Patron

Hi @MelwinA ,

Check if there is any query BR or any other ACL blocking the access.

Try the Access Analyzer: take a sample case that's assigned to the group with which it's not working (talentAcqIndia).

Refer to this video on how to use it:

https://www.youtube.com/watch?v=1x62ZwWb8Ao

I don't see value assignments for the variables talentAcqspecialistIndia and talentAcqIndia (do you have values set in the script?)

 

Please mark my answer as helpful/correct if it resolves your query.

Regards,
Chaitanya


Hi @Chaitanya ILCR 

I have checked with Access Analyzer. The user does not have access to the second group in the if loop. And there is no query business rule for this group.

MelwinA
Tera Contributor

@SD_Chandan I have stored the sys ID in the property. There is no issue with the sys ID. It seems the issue is with the if loop after the OR condition. The first condition in the if loop is working fine; after the OR condition it is not working. I have tried interchanging the sys IDs in the if loop. Again, the first condition is working fine.
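
One way to write the check discussed in this thread so that both property-backed group sys_ids are normalised and compared as plain strings, and a missing property denies rather than allows. This is an added example, not code from any poster: the property names are hypothetical, and `mockGs` / `mockCase` are constructed stand-ins for the platform's `gs` and `current` so the logic runs outside an instance.

```javascript
// Added example. On an instance the platform supplies `gs` and `current`;
// the property names below are hypothetical.
var PROP_NAMES = ['x_example.hr.ta_specialist_india_group', 'x_example.hr.ta_india_group'];
var INDIA = 'Talent Acquisition Coordination Representative India';
var MANILA = 'Talent Acquisition Coordination Representative Manila';

// Collect sys_ids from the properties. A value may be empty, padded with
// whitespace, or hold several comma-separated ids; anything that is not a
// 32-character hex sys_id is ignored.
function allowedGroupIds(gs, propNames) {
  var ids = [];
  propNames.forEach(function (name) {
    String(gs.getProperty(name, '')).split(',').forEach(function (part) {
      var id = part.trim().toLowerCase();
      if (/^[0-9a-f]{32}$/.test(id)) ids.push(id);
    });
  });
  return ids;
}

function canRead(gs, current) {
  var user = gs.getUser();
  if (!(user.isMemberOf(INDIA) && !user.isMemberOf(MANILA))) {
    return true; // same as the outer else-branch in the thread's script
  }
  // getValue() returns the reference field's sys_id as a plain string, or null.
  var assigned = String(current.getValue('assignment_group') || '').toLowerCase();
  // An empty allow-list denies, so a missing property fails closed.
  return allowedGroupIds(gs, PROP_NAMES).indexOf(assigned) !== -1;
}

// Constructed stand-ins for the platform objects, so the logic runs in Node.js.
function mockGs(groups, props) {
  return {
    getUser: function () {
      return { isMemberOf: function (g) { return groups.indexOf(g) !== -1; } };
    },
    getProperty: function (name, dflt) {
      return Object.prototype.hasOwnProperty.call(props, name) ? props[name] : dflt;
    }
  };
}
function mockCase(groupId) {
  return { getValue: function (f) { return f === 'assignment_group' ? groupId : null; } };
}
```

In the ACL script itself, only the two functions and the constants are needed, followed by `answer = canRead(gs, current);`.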