Restrict the availability of a HR service in case creation page in Agent Workspace

Srinath9 · ‎02-09-2024

Hi Everyone.

How to restrict access for HR services in case creation page in Agent Workspace and Native UI based on Assignment Groups?

Any help is appreciated!

Thanks,

Srinath

Sarika S Nair1 · ‎02-12-2024

Hi @Srinath9

Sorry your requirement cant be achieved by HR criteria.

Write one Before query BR on HR Service so that it will show only limited HR Services to the end user .

For example, if you want to show HR Service 'Payroll discrepancy' to HR Payroll group alone then you can use below script in before query BR.

if(!gs.getUser().isMemberOf('HR Payroll'){ // if logged in user is not member of hr payrolll

current.addEncodedQuery('name!=Payroll Discrepancy); //this will show all HR Services except Payroll

}

If you want to restrict the read and write access to the respective HR Payroll case table then use COE Security Configuration

View solution in original post

Sarika S Nair1 · ‎02-15-2024

Hi @Srinath9 ,

This only given in when to run section right? Please confirm once

Sarika S Nair1 · ‎02-15-2024

@Srinath9

When i check in workspace, i login as a user who is not part of HR Payroll, I am not seeing payroll descrepancy HR service.Please see the attached image.

When i login as a user in HR Payroll group, I am seeing Payroll descrepancy .see below image

and i have used same script in before query BR.see below

Sarika S Nair1 · ‎02-15-2024

Hi @Srinath9 ,

Got the issue in your script.

please correct the encoded query. you are not putting != in quotes. Encoded query should be put in quotes.

Use below line.

current.addEncodedQuery('name!=Payroll Discrepancy');

Srinath9 · ‎02-15-2024

Hi @Sarika S Nair1 ,

I have marked one of your replies, as Correct Solution. Thank so you much for your help on this.

Regards,

Srinath

Rajdeep Ganguly · ‎02-12-2024

Sure, you can restrict access for HR services in case creation page in Agent Workspace and Native UI based on Assignment Groups by using Access Control Lists (ACLs). Here are the steps:

1. Navigate to System Security > Access Control (ACL).
2. Click on New to create a new ACL.
3. In the Name field, enter a name for the ACL.
4. In the Type field, select Record.
5. In the Operation field, select Write.
6. In the Admin Overrides field, select No.
7. In the Table field, select the table you want to restrict access to (for example, HR Case).
8. In the Field field, select the field you want to restrict access to (for example, Assignment Group).
9. In the Requires Role field, enter the role that should have access to the field (for example, hr_case_writer).
10. In the Script field, write a script to check if the user's assignment group matches the assignment group of the HR case. If it does, return true; otherwise, return false.
11. Click on Submit to save the ACL.

Here is a sample script for step 10:

javascript
(function executeRule(current, previous /*null when async*/) {
var user = gs.getUser();
var userGroup = user.getGroups();
while(userGroup.next()) {
if(userGroup.sys_id == current.assignment_group) {
return true;
}
}
return false;
})(current, previous);

This script gets the current user's assignment groups and checks if any of them match the assignment group of the HR case. If they do, the script returns true, allowing the user to write to the field; otherwise, it returns false, preventing the user from writing to the field.

Remember, this is just a sample script. You may need to modify it to fit your specific needs.

nowKB.com

For asking ServiceNow-related questions try this :
For a better and more optimistic result, please visit this website. It uses a Chat Generative Pre-Trained Transformer ( GPT ) technology for solving ServiceNow-related issues.
Link - https://nowgpt.ai/

For the ServiceNow Certified System Administrator exams try this :
https://www.udemy.com/course/servicenow-csa-admin-certification-exam-2023/?couponCode=NOW-DEVELOPER