Join the #BuildWithBuildAgent Challenge! Get recognized, earn exclusive swag, and inspire the ServiceNow Community with what you can build using Build Agent.  Join the Challenge.

Restrict groups from selecting HR Services in Create New Case and Transfer a Case

Go to solution
Valerie24
Tera Contributor

3 weeks ago

Looking for help on preventing assignment groups from selecting the below HR Services when using "Create New Case" and "Transfer a Case". Only those who are a member of "Allowed Groups" should be able to select these services.

 

  • Restricted HR Services:

    • 'EA Graduate Program Application'
    • 'EA Partnership Program Application'
    • 'EA Reimbursement Request'

  • Allowed Groups:

    • 'HR L&TD EA Graduate Program Tier 2'
    • 'HR L&TD EA Partnership Program Tier 2'
    • 'HR L&TD EA Reimbursement Program Tier 2'
    • 'System Administrators'
    • 'HR Admin'

Please note, we have ACLs applied to these Services so that Groups outside of the "Allowed Groups" cannot view the submitted cases in the HR Agent View. We are looking at preventing the non-allowed groups from selecting them in the features mentioned above.

 

Any assistance will be greatly appreciated! 

0 Helpfuls
  • 305 Views
1 ACCEPTED SOLUTION

Go to solution
M Iftikhar
Tera Sage

3 weeks ago - last edited 3 weeks ago

Hi @Valerie24,

 

You can handle this by updating the HR Service query inside the getServicesForUser() function of the sn_hr_core.hr_CaseCreation Script Include.
This allows you to filter out specific HR Services unless the user belongs to one of your allowed groups.

To implement this, add the following helper function beneath the existing getServicesForUser() function:

_isMemberOfAllowedGroups: function() {
    var user = gs.getUser();
    var isMember = false;

    var allowedGroups = [
        "60910a8a83d932101fcb74b6feaad3b0",
        "95a1ca8a83d932101fcb74b6feaad36e",
        "f6a1ca8a83d932101fcb74b6feaad3d5",
        "7cb10e8a83d932101fcb74b6feaad3f1",
        "723aa84f5ba02200502f6ede91f91aea"
    ];

    allowedGroups.forEach(function(groupId) {
        if (!isMember && user.isMemberOf(groupId)) {
            isMember = true;
        }
    });

    return isMember;
},

Then, inside getServicesForUser(), immediately after this line:

var hrServices = new GlideRecord("sn_hr_core_service");

add the conditional filtering:

var isAllowed = this._isMemberOfAllowedGroups();
if (!isAllowed) {
    hrServices.addQuery("name", "!=", "EA Graduate Program Application");
    hrServices.addQuery("name", "!=", "EA Partnership Program Application");
    hrServices.addQuery("name", "!=", "EA Reimbursement Request");
}

MIftikhar_0-1763644841312.png


This ensures that only users in the defined Allowed Groups can select the restricted HR Services when using Create New Case or Transfer a Case, while other groups will not see them available for selection.

Your existing ACLs will continue to protect visibility of submitted cases, and this enhancement prevents unauthorized access at the service-selection stage.

If my response helped, please mark it as the accepted solution so others can benefit as well.

Thanks & Regards,
Muhammad Iftikhar

If my response helped, please mark it as the accepted solution so others can benefit as well.

View solution in original post

2 REPLIES 2

Go to solution
M Iftikhar
Tera Sage

3 weeks ago - last edited 3 weeks ago

Hi @Valerie24,

 

You can handle this by updating the HR Service query inside the getServicesForUser() function of the sn_hr_core.hr_CaseCreation Script Include.
This allows you to filter out specific HR Services unless the user belongs to one of your allowed groups.

To implement this, add the following helper function beneath the existing getServicesForUser() function:

_isMemberOfAllowedGroups: function() {
    var user = gs.getUser();
    var isMember = false;

    var allowedGroups = [
        "60910a8a83d932101fcb74b6feaad3b0",
        "95a1ca8a83d932101fcb74b6feaad36e",
        "f6a1ca8a83d932101fcb74b6feaad3d5",
        "7cb10e8a83d932101fcb74b6feaad3f1",
        "723aa84f5ba02200502f6ede91f91aea"
    ];

    allowedGroups.forEach(function(groupId) {
        if (!isMember && user.isMemberOf(groupId)) {
            isMember = true;
        }
    });

    return isMember;
},

Then, inside getServicesForUser(), immediately after this line:

var hrServices = new GlideRecord("sn_hr_core_service");

add the conditional filtering:

var isAllowed = this._isMemberOfAllowedGroups();
if (!isAllowed) {
    hrServices.addQuery("name", "!=", "EA Graduate Program Application");
    hrServices.addQuery("name", "!=", "EA Partnership Program Application");
    hrServices.addQuery("name", "!=", "EA Reimbursement Request");
}

MIftikhar_0-1763644841312.png


This ensures that only users in the defined Allowed Groups can select the restricted HR Services when using Create New Case or Transfer a Case, while other groups will not see them available for selection.

Your existing ACLs will continue to protect visibility of submitted cases, and this enhancement prevents unauthorized access at the service-selection stage.

If my response helped, please mark it as the accepted solution so others can benefit as well.

Thanks & Regards,
Muhammad Iftikhar

If my response helped, please mark it as the accepted solution so others can benefit as well.

Go to solution
M Iftikhar
Tera Sage
In response to M Iftikhar

3 weeks ago

Hi @Valerie24,

 

If this solution helped, please consider marking it as accepted solution to support the community.

 

Thanks & Regards,
Muhammad Iftikhar

If my response helped, please mark it as the accepted solution so others can benefit as well.

0 Helpfuls