Restrict Incidents to Only be Resolved if Member Of Group

tiguin2798
Tera Guru

Hello,

 

I have a requirement where I am attempting to restrict certain InfoSec incidents with keywords to only be resolved or closed if the currently logged-in user is a member of our 'SN_Information_Security' group. I believe I am on the right track and my business rule is almost functioning as intended. However, it is this portion in the advanced condition that I am having trouble with.

What is the proper code to have the system check if the current user is not a part of the group to then run this rule? I have the conditions and abort action set if these incidents are changed to resolved or closed, but am new to JavaScript.

 


 

 

1 ACCEPTED SOLUTION

Substitute the SYS_ID of your group.

(function executeRule(current, previous) {

    // Only act when the incident is marked as resolved (state 6)
    if (current.state == '6') {
        gs.info('Incident is being resolved. Checking user membership.');

        // Define the group you want to check
        var groupID = '5c77a7f083cc52104dab5dc6feaad366'; // Replace with the sys_id of the group

        // Check if the current user is a member of the "SN_Information_Security" group
        var gr = new GlideRecord('sys_user_grmember');
        gr.addQuery('user', gs.getUserID());
        gr.addQuery('group', groupID);
        gr.query();

        // If the user is not a member, abort the update
        if (!gr.next()) {
            gs.addErrorMessage('Only users in the SN_Information_Security group can resolve incidents.');
            current.setAbortAction(true); // Prevent the record from being updated
        }
    }

})(current, previous);


5 REPLIES

RikV
Tera Expert

Hello tiguin2798,

 

Try the script below in your business rule, and the action will be blocked if the user is not part of the group specified in 'groupSysId'.

 

 

(function executeRule(current, previous /*null when async*/) {
    // Specify the group you want to check for
    var groupSysId = 'YOUR_GROUP_SYS_ID';

    // Get the current user's Sys ID
    var userSysId = gs.getUserID();

    // Initialize a GlideRecord to check if the user is in the group
    var gr = new GlideRecord('sys_user_grmember');
    gr.addQuery('user', userSysId);
    gr.addQuery('group', groupSysId);
    gr.query();

    // If the user is not in the group, stop the action
    if (!gr.hasNext()) {
        gs.addErrorMessage('You are not authorized to perform this action.');
        current.setAbortAction(true);
    }

})(current, previous);

 

HIROSHI SATOH
Mega Sage

For reference:

Notes:

  • Replace 6 with the appropriate state value for "Resolved" if different in your instance.
  • Ensure that the Business Rule is set to trigger on update and that it runs before the record is updated (before operation).

 

 

// Business Rule: Restrict incident resolution to SN_Information_Security group
(function executeRule(current, previous /*null when async*/) {
    // Check if the incident state is being changed to "Resolved"
    if (current.state.changesTo(6)) { // Assuming "Resolved" state is represented by 6
        var userGroups = new GlideUser().getMyGroups(); // Get the groups of the current user
        var allowedGroup = 'SN_Information_Security';
        
        // Check if the current user is in the allowed group
        if (userGroups.indexOf(allowedGroup) === -1) {
            gs.addErrorMessage('Only users in the SN_Information_Security group can resolve incidents.');
            current.setAbortAction(true); // Prevent the record from being updated
        }
    }
})(current, previous);

 

 

Thank you @HIROSHI SATOH for this code! This is almost working as it is restricting the incidents from being updated by users not in the group. However, it appears to also be restricting users that are in the group. I tested with two different users in the allowed group and neither was able to resolve the incidents in this condition. I did attempt to replace the group name with the sys_id, but this did not resolve it.

Can you please advise?

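
An added example, not part of any poster's reply and not ServiceNow's own code: the sys_user_grmember check from the accepted solution, extended to cover both Resolved and Closed as the original question asks. The `gs`, `GlideRecord` and `current` objects are constructed stand-ins so the logic runs in Node; the state values 6 and 7, the user ids and `YOUR_GROUP_SYS_ID` are assumptions or placeholders.

```javascript
// In an instance only the body of executeRule is needed, inside a "before"
// update business rule; the stand-ins below exist so it can be checked offline.
var GROUP_ID = 'YOUR_GROUP_SYS_ID';   // placeholder: sys_id of SN_Information_Security
var BLOCKED_STATES = ['6', '7'];      // assumed default values: 6 = Resolved, 7 = Closed

// Constructed sample rows of sys_user_grmember (user sys_id, group sys_id).
var MEMBERSHIPS = [
    { user: 'analyst1', group: GROUP_ID },
    { user: 'agent1', group: 'SOME_OTHER_GROUP' }
];

// Minimal stand-in for the parts of GlideRecord the rule uses.
function GlideRecord(table) { this.table = table; this.filters = {}; this.rows = []; }
GlideRecord.prototype.addQuery = function (field, value) { this.filters[field] = value; };
GlideRecord.prototype.query = function () {
    var f = this.filters;
    this.rows = MEMBERSHIPS.filter(function (m) {
        return Object.keys(f).every(function (k) { return m[k] === f[k]; });
    });
};
GlideRecord.prototype.hasNext = function () { return this.rows.length > 0; };

function executeRule(current, gs) {
    // Compare as strings so a numeric or string state value behaves the same.
    if (BLOCKED_STATES.indexOf(String(current.state)) === -1) {
        return; // not a resolve/close update, nothing to enforce
    }
    var gr = new GlideRecord('sys_user_grmember');
    gr.addQuery('user', gs.getUserID());
    gr.addQuery('group', GROUP_ID);
    gr.query();
    if (!gr.hasNext()) {
        gs.addErrorMessage('Only users in the SN_Information_Security group ' +
            'can resolve or close this incident.');
        current.setAbortAction(true); // server-side block, not just a UI hint
    }
}

// Runs the rule for one user and target state; returns true if the update was aborted.
function isBlocked(userId, state) {
    var aborted = false;
    var current = { state: state, setAbortAction: function (v) { aborted = v; } };
    var gs = { getUserID: function () { return userId; }, addErrorMessage: function () {} };
    executeRule(current, gs);
    return aborted;
}
```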