11-28-2018 05:33 AM
I am trying to use a before query business rule to control access to Incidents if a user has a certain role based on a field value. With the way our organization is set up, and the way we need access done, using a business rule makes more sense than using ACLs.
I tried to copy the incident query business rule, and modify it to meet my need, but I can't seem to get it to work. It's currently granting access to all records. I think my issue lies with the qc variable.
We have a table set up that contains all of our systems, which is what I am separating on. I would like to say if the u_system field is system one, then a user with a role System 1 Incident Modify can view those records.
if (gs.hasRole("System 1 Incident Modify") && gs.isInteractive()) {
    var u = new GlideRecord('u_org_systems');
    sys.addQuery('u_org_system_name','CONTAINS','System 1');
    sys.query();
    sys.next();
    var qc = current.addQuery('u_system', u);
    gs.print("query restricted to system: " + u);
}
Thanks!
Robbie

11-28-2018 05:37 AM
Hi
Try this once :-
if (gs.hasRole("System 1 Incident Modify") && gs.isInteractive()) {
    var u = new GlideRecord('u_org_systems');
    u.addQuery('u_org_system_name','CONTAINS','System 1');
    u.query();
    while (u.next()) {
        // Compare the u_system reference against the matching system's sys_id
        var qc = current.addQuery('u_system', u.sys_id);
        gs.print("query restricted to system: " + u);
    }
}

11-28-2018 05:37 AM
Hi,
It is not clear why you are using sys. Where have you declared it? Please refer to the example below.
if (!gs.hasRole("itil") && gs.isInteractive()) {
    var u = gs.getUserID();
    var qc = current.addQuery("caller_id",u).addOrCondition("opened_by",u).addOrCondition("watch_list","CONTAINS",u);
    gs.print("query restricted to user: " + u);
}

08-17-2021 03:57 AM
I want to restrict the attachments on the Security Incident table only to sn_si_analysts, and the attachments created by end user should only see those attachments. Below is the script; can someone help with what I am doing wrong here?
(function executeRule(current, previous /*null when async*/) {
    // Add your code here
    if (current.table_name == 'sn_si_incident' && !gs.hasRole('sn_si.analyst') && gs.getSession().isInteractive()) {
        var u = gs.getUserName();
        // Limit the query to rows this user created or last updated
        var q = current.addQuery('sys_created_by', u);
        q.addOrCondition('sys_updated_by', u);
        gs.log('query restricted for user: ' + u);
    }
})(current, previous);

11-28-2018 05:38 AM
Try with below code,
if (gs.hasRole("System 1 Incident Modify") && gs.isInteractive()) {
    var sys = new GlideRecord('u_org_systems');
    sys.addQuery('u_org_system_name','CONTAINS','System 1');
    sys.query();
    if (sys.next()) {
        // Use the record that was actually queried (sys), not an undeclared u
        var qc = current.addQuery('u_system', sys.sys_id);
        gs.print("query restricted to system: " + sys.u_org_system_name);
    }
}
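
An added example, not code from any poster in this thread: a Node-runnable comparison of the looped `addQuery` pattern from the replies with a single `IN` condition, showing what each returns when several systems match and when none do. `FakeRecord`, its `run()` helper and the sample rows are hypothetical stand-ins for GlideRecord and the two tables; only `addQuery` and `addNullQuery` mirror real GlideRecord methods.

```javascript
// Constructed sample rows standing in for u_org_systems and incident.
const SYSTEMS = [
  { sys_id: 'a1', u_org_system_name: 'System 1' },
  { sys_id: 'a2', u_org_system_name: 'System 1 (DR)' },
  { sys_id: 'b1', u_org_system_name: 'System 2' },
];
const INCIDENTS = [
  { sys_id: 'i1', number: 'INC001', u_system: 'a1' },
  { sys_id: 'i2', number: 'INC002', u_system: 'a2' },
  { sys_id: 'i3', number: 'INC003', u_system: 'b1' },
];

// Hypothetical in-memory stand-in for GlideRecord. Like the real class it ANDs
// every added condition; run() is this stand-in's own helper, not a Glide API.
class FakeRecord {
  constructor(rows) { this.rows = rows; this.conds = []; }
  addQuery(field, op, value) {
    if (value === undefined) { value = op; op = '='; }
    this.conds.push({ field, op, value: String(value) });
  }
  addNullQuery(field) { this.conds.push({ field, op: 'NULL', value: '' }); }
  run() {
    const ok = (row, c) => {
      const v = row[c.field];
      if (c.op === 'NULL') return v === undefined || v === '';
      if (c.op === 'IN') return c.value.split(',').includes(v);
      if (c.op === 'CONTAINS') return String(v).includes(c.value);
      return v === c.value;
    };
    return this.rows.filter(r => this.conds.every(c => ok(r, c)));
  }
}

// Loop variant: one AND condition per matching system, none when nothing matches.
function restrictPerSystem(current, systems, fragment) {
  systems.addQuery('u_org_system_name', 'CONTAINS', fragment);
  for (const s of systems.run()) current.addQuery('u_system', s.sys_id);
  return current.run().map(r => r.number);
}

// Single IN condition over all matching systems; no match returns no rows.
function restrictToSystems(current, systems, fragment) {
  systems.addQuery('u_org_system_name', 'CONTAINS', fragment);
  const ids = systems.run().map(s => s.sys_id);
  if (ids.length) current.addQuery('u_system', 'IN', ids.join(','));
  else current.addNullQuery('sys_id'); // sys_id is never empty, so fail closed
  return current.run().map(r => r.number);
}
```

With two systems matching 'System 1', the loop variant returns nothing because both equality conditions are ANDed, and with no matching system it adds no condition at all, so the query is left unrestricted.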