
Role Based ACL Advanced Script

Matt Steill1
Kilo Contributor

I am trying to create a custom ACL script so users with the "specific_group_manager" role have read-only access to incident records where the caller has the "specific_group" role. However, we do not want the user with the "specific_group_manager" role to see incidents where the caller does not have the "specific_group" role.

My initial thought is the script would look something like below.

1.) Is this possible?

2.) How do I get the caller's role? Is current.caller_id.hasRole("specific_group") valid?

if (gs.hasRole('specific_group_manager') && current.caller.hasRole("specific_group")) {
    answer = true;
} else {
    answer = false;
}

 

Thanks,
Matt

 

2 REPLIES

Mike Allen
Mega Sage

I don't think that hasRole is valid. It is used in g_user and gs, which run on the current user. I would just have a function that queries sys_user_has_role for the caller and returns true if the caller has that role. So, you would have:

 

if (gs.hasRole('specific_group_manager') && userHasRole('specific_group', current.caller)) {
    answer = true;
} else {
    answer = false;
}

// Returns true if the given user holds the named role,
// based on a lookup in sys_user_has_role.
function userHasRole(role, user) {
    var user_role = new GlideRecord('sys_user_has_role');
    user_role.addQuery('user=' + user + '^role.name=' + role);
    user_role.query();
    if (user_role.next()) {
        return true;
    } else {
        return false;
    }
}

 

paulmorris
Giga Sage

This should do it with only 2 LOC

var gCallerUser = GlideUser.getUserByID(current.getValue('caller'));
answer = gs.hasRole('specific_group_manager') && gCallerUser.hasRole('specific_group');

ServiceNow Nerd
ServiceNow Developer MVP 2020-2022
ServiceNow Community MVP 2019-2022
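
The caller-role check from the replies above, as an added example (not code from the thread): it denies when the record has no caller and passes each condition to addQuery separately instead of concatenating a query string. The in-memory GlideRecord, fakeGs, fakeCurrent and the sample sys_ids are constructed stand-ins so the logic runs outside an instance; the `caller` field name follows the thread's code.

```javascript
// Constructed sample rows standing in for sys_user_has_role (sys_ids are made up).
var ROLE_ROWS = [
  { user: 'u_caller_in_group', 'role.name': 'specific_group' },
  { user: 'u_caller_other', 'role.name': 'itil' }
];

// Minimal in-memory stand-in for GlideRecord (assumption: only the four
// methods used below are modelled; the table name is ignored).
function GlideRecord(table) { this.filters = []; this.rows = []; this.pos = -1; }
GlideRecord.prototype.addQuery = function (field, value) {
  this.filters.push([field, String(value)]);
};
GlideRecord.prototype.setLimit = function (n) { this.limit = n; };
GlideRecord.prototype.query = function () {
  var f = this.filters;
  this.rows = ROLE_ROWS.filter(function (r) {
    return f.every(function (p) { return r[p[0]] === p[1]; });
  }).slice(0, this.limit);
};
GlideRecord.prototype.next = function () { return ++this.pos < this.rows.length; };

// True only if the given user sys_id holds the named role.
function userHasRole(role, userId) {
  if (!userId) return false;            // record has no caller: deny
  var gr = new GlideRecord('sys_user_has_role');
  gr.addQuery('user', userId);          // one condition per call, no string building
  gr.addQuery('role.name', role);
  gr.setLimit(1);                       // existence check needs a single row
  gr.query();
  return gr.next();
}

// ACL decision from the thread: the viewer must be a manager AND the caller
// must hold the role. In a real ACL script the result is assigned to `answer`.
function aclAnswer(gs, current) {
  return gs.hasRole('specific_group_manager') &&
         userHasRole('specific_group', current.getValue('caller'));
}

// Constructed stand-ins for gs and current.
function fakeGs(roles) {
  return { hasRole: function (r) { return roles.indexOf(r) !== -1; } };
}
function fakeCurrent(caller) {
  return { getValue: function () { return caller; } };
}
```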