
Restrict visibility for a specific catalog item

MariaVitorS
Tera Contributor

Hi, everyone! In ServiceNow, I have a specific catalog item that I need to restrict visibility for. After the ticket is opened, only the Requested For and members of the groups assigned to the tasks will be able to see it, both in the table and in the portal.
Can anyone help me do this without affecting the other catalog items?

4 REPLIES

aruncr0122
Kilo Guru

Hi @MariaVitorS ,

 

If you only want to restrict one catalog item and not touch others, you can do it with an ACL on sc_req_item.

First, grab the sys_id of the catalog item you want to restrict.

Create a new read ACL on sc_req_item with a condition like cat_item = <that sys_id>. This makes sure the rule applies only to that item.

In the ACL script, allow access for:

The Requested For

The Requested By

Any user who is part of the assignment groups of the related tasks

 

Sample script :

(function() {
    if (gs.hasRole('admin')) {
        return true;
    }

    var userID = gs.getUserID();

    // Requested For or Requested By
    if (userID == current.requested_for || userID == current.opened_by) {
        return true;
    }

    // Check if user is in any assignment group of the tasks
    var task = new GlideRecord('sc_task');
    task.addQuery('request_item', current.sys_id);
    task.query();
    while (task.next()) {
        if (gs.getUser().isMemberOf(task.assignment_group)) {
            return true;
        }
    }

    return false;
})();

With this in place, only the right people will see the request. Everyone else won’t. And because you tied it to just that catalog item, it won’t affect anything else.

Hello @aruncr0122 thank you for your response!
I tried the script you sent me and added the condition for the desired item in the “Applies To” and “Data Condition” sections.
Even though none of the requirements are met, it is still possible to see the tickets in the table...

Ankur Bawiskar
Tera Patron

@MariaVitorS 

You can use a query business rule on the sc_req_item table.

OR
you can also use Table.None READ ACLs on the sc_req_item table:

a) 1 ACL for your catalog item, along with the script to check that the Requested For and members of the group can see it

b) 1 ACL for the other catalog items to allow direct visibility

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader

Hello @Ankur Bawiskar , thank you for your reply! I tested some ACL methods and they did not work.
I created a before query business rule with the following script, and even without matching the conditions, it is still possible to view the records. Can you help me?

(function executeRule(current, previous /*null when async*/) {
    if (!gs.getSession().isInteractive()) {
        return;
    }

    var userId = gs.getUserID();
    var myGroups = gs.getUser().getMyGroups();

    var itemSysId = 'xxxxxxxx';

    if (current.u_item != itemSysId) {
        return;
    }

    var q = current.addQuery('u_requested_for', userId);
   

    var taskGR = new GlideRecord('table_task');
    taskGR.addQuery('u_item', current.sys_id);
    taskGR.query();
    var allowedGroups = [];
    while (taskGR.next()) {
        if (taskGR.assignment_group) {
            allowedGroups.push(taskGR.assignment_group.toString());
        }
    }

    if (allowedGroups.length > 0) {
        current.addOrCondition('assignment_group', 'IN', allowedGroups.join(','));
    }
})();
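
A before-query rule on sc_req_item that expresses the restriction as query conditions, since in a query business rule `current` is the query being built and its fields are not populated yet. This is an added example, not code from the thread's participants: `RESTRICTED_ITEM` is a placeholder, the helper names are hypothetical, and it assumes the standard `sc_req_item`, `sc_task` and `sys_user_grmember` fields and direct group membership only.

```javascript
// Added example (not from the thread): before-query business rule on sc_req_item.
// Access is expressed as query conditions, not as per-record field checks.
var RESTRICTED_ITEM = 'CATALOG_ITEM_SYS_ID'; // placeholder: sys_id of the catalog item

// sys_ids of the groups the user belongs to directly (sys_user_grmember rows).
function groupIdsOf(userId) {
    var ids = [];
    var gm = new GlideRecord('sys_user_grmember');
    gm.addQuery('user', userId);
    gm.query();
    while (gm.next()) { ids.push(gm.getValue('group')); }
    return ids;
}

// RITMs of the restricted item with at least one task assigned to those groups.
function ritmIdsForGroups(itemSysId, groupIds) {
    var ids = [];
    if (groupIds.length === 0) { return ids; }
    var task = new GlideRecord('sc_task');
    task.addQuery('request_item.cat_item', itemSysId);
    task.addQuery('assignment_group', 'IN', groupIds.join(','));
    task.query();
    while (task.next()) {
        var ritm = task.getValue('request_item');
        if (ids.indexOf(ritm) === -1) { ids.push(ritm); }
    }
    return ids;
}

// Adds: cat_item != item OR requested_for = user OR sys_id IN (allowed RITMs).
function restrictQuery(current, itemSysId) {
    if (!gs.getSession().isInteractive() || gs.hasRole('admin')) {
        return false; // non-interactive sessions and admins keep the unfiltered query
    }
    var userId = gs.getUserID();
    var allowed = ritmIdsForGroups(itemSysId, groupIdsOf(userId));
    var cond = current.addQuery('cat_item', '!=', itemSysId);
    cond.addOrCondition('requested_for', userId);
    if (allowed.length > 0) {
        cond.addOrCondition('sys_id', 'IN', allowed.join(','));
    }
    return true;
}

// Inside ServiceNow the rule runs here; where gs/current do not exist nothing happens.
if (typeof gs !== 'undefined' && typeof current !== 'undefined') {
    restrictQuery(current, RESTRICTED_ITEM);
}
```

Non-interactive sessions are left unfiltered, as in the post above, so integrations that read sc_req_item still need a read ACL or their own restriction.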