Role Based ACL Advanced Script

Matt Steill1
Kilo Contributor

I am trying to create a custom ACL script so users with the "specific_group_manager" role have read-only access to incident records where the caller has the "specific_group" role. However, we do not want the user with the "specific_group_manager" role to see incidents where the caller does not have the "specific_group" role.

My initial thought is that the script would look something like the one below.

1.) Is this possible?

2.) How do I get the caller's role? Is current.caller_id.hasRole("specific_group") valid?

if (gs.hasRole('specific_group_manager') && current.caller.hasRole("specific_group")) {
    answer = true;
} else {
    answer = false;
}


Thanks,
Matt


2 REPLIES

Mike Allen
Mega Sage

I don't think that hasRole is valid. It is used in g_user and gs, which run on the current user. I would just have a function that queries sys_user_has_role for the caller and return true if the caller has that role. So, you would have:


// gs.hasRole() only answers for the logged-in user (the one reading the record);
// the caller's roles have to be looked up in sys_user_has_role.
// The incident caller field is caller_id; getValue() returns its sys_id as a string.
if (gs.hasRole('specific_group_manager') && userHasRole('specific_group', current.getValue('caller_id'))) {
    answer = true;
} else {
    answer = false;
}

// Returns true if the user with sys_id `user` holds the role named `role`.
// sys_user_has_role also contains rows for inherited roles (from groups or
// role containment), so a direct match covers those as well.
function userHasRole(role, user) {
    if (!user) {
        return false; // no caller on the record: deny rather than error
    }
    var user_role = new GlideRecord('sys_user_has_role');
    user_role.addQuery('user', user);
    user_role.addQuery('role.name', role);
    user_role.setLimit(1);
    user_role.query();
    return user_role.next();
}


The SN Nerd
Giga Sage

This should do it with only 2 LOC

// gs.getUser().getUserByID() returns a GlideUser object for another user, whose
// hasRole() can then be checked; the incident caller field is caller_id.
var gCallerUser = gs.getUser().getUserByID(current.getValue('caller_id'));
answer = gs.hasRole('specific_group_manager') && gCallerUser != null && gCallerUser.hasRole('specific_group');

ServiceNow Nerd
ServiceNow Developer MVP 2020-2022
ServiceNow Community MVP 2019-2022
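The decision logic the two replies arrive at, as an added example that is not part of the original thread and not ServiceNow code: this is a self-contained Node.js model in which the Glide calls (GlideRecord on sys_user_has_role, gs.hasRole, current) are replaced by plain data so the ACL outcome can be exercised offline. The user sys_ids, incident numbers and table rows are constructed for the example. It shows why the caller's role must be looked up per user rather than via the session user, and that a record with no caller is denied rather than allowed.

```javascript
// Added example (not from the thread): a self-contained model of the read ACL
// discussed above, runnable in Node. ServiceNow's Glide objects are replaced by
// plain data so the decision logic can be exercised and checked offline.

// Constructed stand-in for the sys_user_has_role table. Each row links a user
// sys_id to a role name; 'inherited' rows mirror how the platform materialises
// roles granted through groups or role containment.
const SYS_USER_HAS_ROLE = [
  { user: 'u_alice', role: 'specific_group_manager', inherited: false },
  { user: 'u_bob',   role: 'specific_group',         inherited: true  },
  { user: 'u_carol', role: 'itil',                   inherited: false },
];

// Equivalent of querying sys_user_has_role for a user other than the logged-in
// one (gs.hasRole only answers for the current session user).
function userHasRole(userSysId, roleName) {
  if (!userSysId) return false;           // empty caller: no roles, fail closed
  return SYS_USER_HAS_ROLE.some(r => r.user === userSysId && r.role === roleName);
}

// The read ACL: both predicates must hold, otherwise deny.
// viewerSysId - the user whose session is evaluating the ACL (gs.getUserID())
// incident    - the record being read (current); only caller_id matters here
function incidentReadAllowed(viewerSysId, incident) {
  const viewerIsManager = userHasRole(viewerSysId, 'specific_group_manager');
  const callerInGroup   = userHasRole(incident.caller_id, 'specific_group');
  return viewerIsManager && callerInGroup;
}

// Constructed incidents used to walk the decision table.
const INCIDENTS = {
  inGroupCaller:    { number: 'INC0000001', caller_id: 'u_bob'   },
  outOfGroupCaller: { number: 'INC0000002', caller_id: 'u_carol' },
  blankCaller:      { number: 'INC0000003', caller_id: ''        },
};

// Evaluate every record for one viewer; returns a map of record name -> allowed.
function decisionTable(viewerSysId) {
  const out = {};
  for (const [name, inc] of Object.entries(INCIDENTS)) {
    out[name] = incidentReadAllowed(viewerSysId, inc);
  }
  return out;
}

// Stand-alone run: the manager sees only the in-group caller's incident,
// an ordinary itil user sees none of them.
console.log('alice', decisionTable('u_alice'));
console.log('carol', decisionTable('u_carol'));
```

Two platform caveats that the model cannot show: gs.hasRole() returns true for users with the admin role regardless of the role name passed, so admins will read every incident through this ACL, and a row-level read ACL script runs once per record, so the sys_user_has_role query is executed for every row rendered in a list.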