Restrict access to work notes
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-12-2026 02:42 PM
I am wanting to restrict access to compose work notes and see posted work notes from the assignment group that is working on an incident, when a technician with an itil license is the caller. I have a role created and a group created to have those users put into already. I have tried creating ACLs for the sys_journal_field for read and a ACL for incident.work_notes write, but the caller (tech) can still see and compose work notes. Now we also want these techs to also continue to have full access to work notes when they are not the caller on the incident.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-12-2026 08:56 PM
Hi @kmbeck2 ,
OOB , Work notes visible for internal and external forms in Service Portal
To Restrict worknotes for specific role/group, check whether proper ACL with required script for validation is in place.
Refer: https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB2324765
The following sample Read ACL script restricts access to work notes. The script checks if the current user has one of the allowed roles (in this case, admin or agent). If not, it denies access to the work notes by setting the value to Restricted.
(function executeRule(current, previous /*null when async*/) {
// Define the roles that are allowed to view work notes
var allowedRoles = ['admin', 'agent'];
// Check if the current user has one of the allowed roles
if (!allowedRoles.includes(gs.getUser().getRoles())) {
// If not, deny access to work notes
current.setValue('work_notes', 'Restricted');
}
})(current, previous);
