Restrict Incidents to Only be Resolved if Member Of Group

tiguin2798
Tera Guru

Hello,

 

I have a requirement where I am attempting to restrict certain InfoSec incidents with keywords to only be resolved or closed if the currently logged-in user is a member of our 'SN_Information_Security' group. I believe I am on the right track and my business rule is almost functioning as intended. However, it is this portion in the advanced condition that I am having trouble with.

What is the proper code to have the system check if the current user is not a part of the group to then run this rule? I have the conditions and abort action set if these incidents are changed to resolved or closed, but I am new to JavaScript.

 


 

 

1 ACCEPTED SOLUTION

Substitute the SYS_ID of your group.

(function executeRule(current, previous) {

    // When the incident is marked as resolved (state 6)
    if (current.state == '6') {
        gs.info('Incident is being resolved. Checking user membership.');

        // Define the group you want to check
        var groupID = '5c77a7f083cc52104dab5dc6feaad366'; // Replace with the sys_id of the group

        // Check if the current user is a member of the "SN_Information_Security" group
        var gr = new GlideRecord('sys_user_grmember');
        gr.addQuery('user', gs.getUserID());
        gr.addQuery('group', groupID);
        gr.query();

        // If the user is not a member, abort the update
        if (!gr.next()) {
            gs.addErrorMessage('Only users in the SN_Information_Security group can resolve incidents.');
            current.setAbortAction(true); // Prevent the record from being updated
        }
    }

})(current, previous);

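An added example, not from the original thread: the same membership gate restructured so that it covers both Resolved and Closed and only fires when the state actually changes into one of them. It assumes the default incident state values (6 = Resolved, 7 = Closed); `enforceResolveGate`, `entersRestrictedState` and `isGroupMember` are hypothetical names, and `gs` and `GlideRecord` are passed in as parameters so the logic can be exercised outside an instance.

```javascript
// Assumption: default incident state values, 6 = Resolved and 7 = Closed.
var RESTRICTED_STATES = ['6', '7'];

// True only when the update moves the record into Resolved or Closed.
function entersRestrictedState(newState, oldState) {
    var next = String(newState);
    return RESTRICTED_STATES.indexOf(next) !== -1 && next !== String(oldState);
}

// Same sys_user_grmember lookup as the accepted solution; one row is enough.
function isGroupMember(GlideRecordCtor, userId, groupId) {
    var gr = new GlideRecordCtor('sys_user_grmember');
    gr.addQuery('user', userId);
    gr.addQuery('group', groupId);
    gr.setLimit(1);
    gr.query();
    return gr.hasNext();
}

// Hypothetical wrapper: on an instance, call it from the business rule as
// enforceResolveGate(current, previous, gs, GlideRecord, '<group sys_id>').
// Returns true when the update was aborted.
function enforceResolveGate(current, previous, gs, GlideRecordCtor, groupId) {
    var oldState = previous ? previous.state : ''; // no previous record on insert
    if (!entersRestrictedState(current.state, oldState)) {
        return false; // unrelated edit, no membership lookup needed
    }
    if (isGroupMember(GlideRecordCtor, gs.getUserID(), groupId)) {
        return false; // member of the group, allow the update
    }
    gs.addErrorMessage('Only users in the SN_Information_Security group can resolve or close this incident.');
    current.setAbortAction(true); // block the update server-side
    return true;
}
```

Because the check runs in a server-side business rule, it also applies to updates that do not come through the form, which a client-side check would miss.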

5 REPLIES

Thank you so much! This worked perfectly.