Restrict the HR case visibility using a Before-Query business rule

mnreddy · ‎10-13-2020

Hello All,

I created a Before-Query business rule to restrict the HR case visibility based on the group membership. If you are a member of group "xyz" then you should see only the HR cases assigned to group "xyz". This is working as expected. However, when a member creates a new HR case with their group as the assignment group and saves the record, they are getting a message "Info Message You do not have permission to read the created record" even though the created record is for their group. When they search the record they can read the data as they have access to read as per the business rule. I am not sure why I am getting that information message as soon as I save the case? Any help is much appreciated. Thank you.

Regards,

Mnreddy.

Ankur Bawiskar · ‎10-16-2020

Hi,

on which table you are checking this

OOB there is 1 query BR on HR Case table

Regards
Ankur

Regards,
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader

View solution in original post

mnreddy · ‎10-27-2020

Hello @Ankur Bawiskar ,

I know this is a closed thread. But while testing the above solution we ran to an issue. With the current set-up we have in place, when an agent transfers one of their case to a different group that they are not part of, existing case state will be set to "cancelled" and a new case will be created with a new case number. Since the old case is still with that agent group they should be able to see that case. However, they are able to see that case in the list view but when they open it, it is opening a "New" hr case form with blank values instead of opening the actual record. Any idea on how to resolve this? Any help is much appreciated. Thank you.

Regards,

Mnreddy.

Ankur Bawiskar · ‎10-27-2020

@mnreddy

looks strange

It should open the same record and not new record

Please check if the issue is occurring for all such cases and raise a HI ticket

Regards,
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader

mnreddy · ‎10-28-2020

Thanks for your response @Ankur Bawiskar . The interesting part is, if I deactivate the new business rule I created everything works fine as the agents have access to all the cases. Even with my new business rule, if agent transfers a case from group A to group B, and if that agent is part of both the groups then everything is working fine. Only issue is, if an agent transfers a case to a new group which they are not part of, the original case details they can see it in the list view but when they open it it is opening a "New" HR case record with empty values. is there any relation between the original case and transferred case that is causing this issue?

Regards,

Mnreddy.

GeoVic Gkou · ‎04-17-2024

Hello @Ankur Bawiskar,
I know this is a closed thread, but i have the following thought:
OOTB Before query business rule is not running for users with sn_hr_core_basic role and that is fine if we assume that users that are not HR Agents may were added in whatchlist or they are the opened for etc.

What do you think about keeping the OOTB one as is and creating a new one as you are describing above that will impact only HR Agents? Will that be considered a good practice?

CelesteGro · ‎08-27-2024

I created a Business Rule under the HR Core scope using the following script: (function executeRule(current, previous /*null when async*/) {
current.addQuery("assignment_group", "javascript&colon;getMyGroups()");
})(current, previous);" However, I encountered the error 'Security constraints prevent access to this record' when a user was closing a case. I updated the Business Rule script using the one you provided, and now it works perfectly. Thank you!