Restricting incidents based on caller and a specific group

Chris DeLaPaz
Tera Contributor

49m ago

I have a requirement to hide tickets created by an automation tool to all but a specific group.

I have looked at both ACL's and Before query Business rules and it seems with my requirements Before Query BR's is the most likely.

So, the actual requirement would be something like If caller_id is "autotool" and Assignment group is "Group A" hide Incidents from all except if logged in user is a member of Group A.

I have found results similar to this but sans the caller_id aspect, which is important as they want others to see their other tickets, just not the ones generated from this tool.

I have limited scripting knowledge, and I am hoping someone can help me or point me in the right direction to meet this requirement.

Thanks

0 Helpfuls
  • 76 Views
2 REPLIES 2

Ankur Bawiskar
Tera Patron

37m ago

@Chris DeLaPaz 

already there is OOTB query BR "incident query" on incident, enhance that

restrictIncidents();

function restrictIncidents() {
    if (!gs.hasRole("itil") && !gs.hasRole("sn_incident_read") && gs.isInteractive()) {

        if (gs.hasRole('service_viewer'))
            return;
        if (GlidePluginManager.isActive('sn_fsm_itsm_mng') && gs.hasRole('wm_ext_agent'))
            return;
        if (GlidePluginManager.isActive('com.sn_hamp') && gs.hasRole('sn_hamp.ham_user'))
            return;
        if (GlidePluginManager.isActive('com.sn_ot_inc_mgmt') && gs.hasRole("sn_ot_incident_read"))
            return;
        if (gs.hasRole("sn_sow_srm.srm_responder"))
            return;

        var u = gs.getUserID();
        var autoToolCaller = 'PUT_AUTOTOOL_CALLER_SYS_ID_HERE';
        var groupA = 'PUT_GROUP_A_SYS_ID_HERE';

        var qc = current.addQuery("caller_id", u)
            .addOrCondition("opened_by", u)
            .addOrCondition("watch_list", "CONTAINS", u);

        if (!gs.getUser().isMemberOf(groupA)) {
            current.addQuery('caller_id', '!=', autoToolCaller)
                .addOrCondition('assignment_group', '!=', groupA);
        }
    }
}

💡 If my response helped, please mark it as correct and close the thread 🔒— this helps future readers find the solution faster! 🙏

Regards,
Ankur
Certified Technical Architect  ||  10x ServiceNow MVP  ||  ServiceNow Community Leader
0 Helpfuls

Tanushree Maiti
Mega Patron

29m ago

Hi @Chris DeLaPaz 

 

Option 1 : Using ACL
 

Navigate System Security > Access Control (ACL) and click New.

  • Type: record
  • Operation: read
  • Name: incident (or incident.* to include fields)
  • Set the Condition to: [Caller] [is] [autotool] AND [Assignment group] [is] [Group A]
  • Note: In the Advanced view, check the "Advanced" box to use a script.

ACL Script: 

 

answer = false;

if (gs.getUser().isMemberOf('<sys_id_of_group_a>') || gs.hasRole('admin'))

{ answer = true;

 }

 
Please mark this response as Helpful & Accept it as solution if it assisted you with your question.
Regards
Tanushree Maiti
ServiceNow Technical Architect
Linkedin:
0 Helpfuls