05-21-2024 01:36 PM
Hi All,
I am looking at restricting child HR groups so that they can only view the cases within their group,
e.g.
Group A to only see cases assigned under Group A group
Group B to only see cases assigned under Group B group
Group C to only see cases assigned under Group C group
I then want the parent group of the above groups to still be able to view all of the child groups' cases despite the restrictions put onto each group.
Does anyone have any ideas OOTB or scripted on how this could be completed?
05-21-2024 01:40 PM
Hi there @TobyDaley
You can use ServiceNow's access control mechanisms combined with role-based permissions. First, create distinct roles for each child group (e.g., `hr_group_a`, `hr_group_b`, `hr_group_c`) and assign these roles to the respective users.
Then, set up ACLs for the `sn_hr_core_case` table to ensure that users can only read cases assigned to their group. For example, use a condition in the ACL like `current.assignment_group.name == "Group A"` for Group A. For the parent group, create a `hr_group_parent` role and assign it to users who need to see all cases.
Modify the ACLs to allow broader access for users with the parent role by adding a condition like `gs.hasRole('hr_group_parent') || current.assignment_group.name == gs.getUser().getGroupName()`. This ensures that while child groups have restricted visibility, the parent group can access all cases, fulfilling both your visibility and restriction requirements.
Hope this helps. Kindly accept the answer if it did, thanks.
Kind Regards,
Mohamed Azarudeen Z
Developer @ KPMG
Microsoft MVP (AI Services), India
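
The read rule described in the answer above, written out as decision logic. This is an added example, not code from the original post. It uses the real `gs.hasRole` and `GlideUser.isMemberOf` calls, so membership is checked across all of a user's groups. The `makeGs` stub, the sample users and the case numbers are constructed so the logic runs outside an instance, and denying unassigned cases to child-group users is an assumption.

```javascript
// Decision logic for a read ACL script on sn_hr_core_case.
// In a ServiceNow ACL the script body would be: answer = canReadCase(gs, current);
function canReadCase(gs, current) {
  // Parent-group users hold the hr_group_parent role and see every case.
  if (gs.hasRole('hr_group_parent')) return true;
  // Assumption: an unassigned case matches no child group, so deny by default.
  var group = String(current.assignment_group || '');
  if (!group) return false;
  // Child-group users see a case only when they belong to its assignment group.
  return gs.getUser().isMemberOf(group);
}

// --- Constructed stand-ins for gs and current (hypothetical helper, not a ServiceNow API) ---
function makeGs(roles, groups) {
  return {
    hasRole: function (role) { return roles.indexOf(role) !== -1; },
    getUser: function () {
      return { isMemberOf: function (g) { return groups.indexOf(g) !== -1; } };
    }
  };
}

// Constructed sample users and cases; group values stand in for group names or sys_ids.
var users = {
  alice: makeGs(['hr_group_a'], ['Group A']),
  bob: makeGs(['hr_group_b'], ['Group B']),
  pat: makeGs(['hr_group_parent'], ['HR Parent'])
};
var cases = [
  { number: 'HRC0000001', assignment_group: 'Group A' },
  { number: 'HRC0000002', assignment_group: 'Group B' },
  { number: 'HRC0000003', assignment_group: '' }
];

// Returns the case numbers a given sample user may read.
function visibleCases(userName) {
  return cases
    .filter(function (c) { return canReadCase(users[userName], c); })
    .map(function (c) { return c.number; });
}

console.log('alice:', visibleCases('alice'));
console.log('bob:', visibleCases('bob'));
console.log('pat:', visibleCases('pat'));
```

In an instance, `gs.hasRole` also returns true for users with the admin role, so admins pass the first check.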
05-22-2024 02:01 PM
Thank you Azar, this is really helpful!!