Restrict users to see only their assignment group incidents

Krutika Valanj2 · Thursday

Hello

We have a requirement

1. Logged in User should only see incidents assigned in their assignment group

2.If the user is searching for any incident ticket(ticket is assigned in group which user does not belong to) they should see only Number & Assignment Group fields.

How can we achieve this?

Thanks

Krutika

Dr Atul G- LNG · Thursday

Few more links

https://www.servicenow.com/community/itsm-forum/restrict-users-to-access-incidents-based-on-assignme...

https://www.servicenow.com/community/developer-forum/how-can-i-limit-an-assignment-group-to-view-onl...

*************************************************************************************************************
If my response proves useful, please indicate its helpfulness by selecting " Accept as Solution" and " Helpful." This action benefits both the community and me.

Regards
Dr. Atul G. - Learn N Grow Together
ServiceNow Techno - Functional Trainer
LinkedIn: https://www.linkedin.com/in/dratulgrover
YouTube: https://www.youtube.com/@LearnNGrowTogetherwithAtulG
Topmate: https://topmate.io/dratulgrover [ Connect for 1-1 Session]

****************************************************************************************************************

Dr Atul G- LNG · Thursday

Hi @Krutika Valanj2

Please check these 2 links.

*************************************************************************************************************
If my response proves useful, please indicate its helpfulness by selecting " Accept as Solution" and " Helpful." This action benefits both the community and me.

Regards
Dr. Atul G. - Learn N Grow Together
ServiceNow Techno - Functional Trainer
LinkedIn: https://www.linkedin.com/in/dratulgrover
YouTube: https://www.youtube.com/@LearnNGrowTogetherwithAtulG
Topmate: https://topmate.io/dratulgrover [ Connect for 1-1 Session]

****************************************************************************************************************

sagnicdas · Thursday

Hi @Krutika Valanj2 ,

Please check the solution below that may help you.

Step 1: Restrict List Visibility (Before Query Business Rule)

A Query Business Rule is used to filter out records at the database level so they never even appear in a user's list unless they meet your criteria.

Navigate to System Definition > Business Rules and create a New rule.
Name: Restrict Incident Visibility by Group.
Table: Incident [incident].
When: Before.
Query: Checked.

Advanced Script :

(function executeRule(current, previous /*null when async*/) {
if (gs.hasRole('admin') || !gs.getSession().isInteractive()) {
return;
}

// Get the logged-in user's groups
var myGroups = gs.getUser().getMyGroups();
current.addQuery('assignment_group', 'IN', myGroups);
})(current, previous);

Step 2: Restrict Field Access for Search Results (ACLs)
A Query Business Rule only filters lists. If a user searches for a specific incident number and finds it via Global Search, they might still bypass the rule. To restrict everything except "Number" and "Assignment Group," you must use field-level ACLs.
- Create a Table-Level Read ACL:
  - Type: record.
  - Operation: read.
  - Name: incident.
  - Script: answer = true; (This allows general access to the record so it can be found in search).
- Create a Field-Level Read ACL (Restricting all fields):
  - Type: record.
  - Operation: read.
  - Name: incident.* (The asterisk targets all fields).
  - ```
  Script:
  var myGroups = gs.getUser().getMyGroups();
  answer = myGroups.indexOf(current.assignment_group.toString()) != -1;
```
- Create Field-Level Read ACLs for Exceptions:
  - Create two separate ACLs for the Number and Assignment Group fields.
  - Name: incident.number and incident.assignment_group.
  - Script: answer = true; (This ensures these two fields are always visible even if the * ACL fails).
If you feel this answer helpful for you please mark it as helpful.

Regards,

Sagnic