
Role Based ACL Advanced Script

Matt Steill1
Kilo Contributor

I am trying to create a custom ACL script so users with the "specific_group_manager" role have read-only access to incident records where the caller has the "specific_group" role. However, we do not want the user with the "specific_group_manager" role to see incidents where the caller does not have the "specific_group" role.

My initial thought is the script would look something like below.

1.) Is this possible?

2.) How do I get the caller's role? Is current.caller_id.hasRole("specific_group") valid?

if (gs.hasRole('specific_group_manager') && current.caller.hasRole("specific_group")) {
    answer = true;
} else {
    answer = false;
}

 

Thanks,
Matt

 

2 REPLIES

Mike Allen
Mega Sage

I don't think that hasRole is valid. It is used in g_user and gs, which run on the current user. I would just have a function that queries sys_user_has_role for the caller and returns true if the caller has that role. So, you would have:

 

// caller_id is the caller reference field on incident
if (gs.hasRole('specific_group_manager') && userHasRole('specific_group', current.caller_id)) {
    answer = true;
} else {
    answer = false;
}

// Returns true if the given user has the named role, checked against sys_user_has_role
function userHasRole(role, user) {
    var user_role = new GlideRecord('sys_user_has_role');
    user_role.addQuery('user=' + user + '^role.name=' + role);
    user_role.query();
    if (user_role.next()) {
        return true;
    } else {
        return false;
    }
}


The SN Nerd
Giga Sage

This should do it with only 2 LOC

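// Load the caller as a user object (caller_id is the caller reference field on incident)
var gCallerUser = GlideUser.getUserByID(current.getValue('caller_id'));
// Allow read only when the viewer is a manager and the caller holds the group role
answer = gs.hasRole('specific_group_manager') && gCallerUser.hasRole('specific_group');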

ServiceNow Nerd
ServiceNow Developer MVP 2020-2022
ServiceNow Community MVP 2019-2022
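
The sys_user_has_role lookup from the first reply, written as an added example (not code from the thread or from ServiceNow) so the ACL decision can be exercised outside an instance, including the case of an incident with an empty caller. FakeGlideRecord, the sample rows and the function name canReadIncident are constructed stand-ins and assumptions; on an instance the real gs and GlideRecord would be passed in with current.getValue('caller_id').

```javascript
// Constructed sample rows standing in for the sys_user_has_role table.
var ROWS = [
  { user: 'u_alice', 'role.name': 'specific_group' },
  { user: 'u_bob', 'role.name': 'itil' }
];

// Minimal in-memory stand-in for GlideRecord (assumption: only the calls used below).
function FakeGlideRecord(table) {
  this.rows = table === 'sys_user_has_role' ? ROWS.slice() : [];
}
FakeGlideRecord.prototype.addQuery = function (field, value) {
  this.rows = this.rows.filter(function (r) { return r[field] === String(value); });
};
FakeGlideRecord.prototype.setLimit = function (n) { this.limit = n; };
FakeGlideRecord.prototype.query = function () { this.rows = this.rows.slice(0, this.limit); };
FakeGlideRecord.prototype.hasNext = function () { return this.rows.length > 0; };

// True only when the user sys_id holds the named role.
function userHasRole(GR, role, userId) {
  if (!userId) { return false; } // empty caller: deny instead of querying with a blank filter
  var gr = new GR('sys_user_has_role');
  gr.addQuery('user', userId);   // field/value form, no string-built encoded query
  gr.addQuery('role.name', role);
  gr.setLimit(1);
  gr.query();
  return gr.hasNext();
}

// ACL condition: viewer must be a manager AND the caller must hold the group role.
function canReadIncident(gs, GR, callerId) {
  if (!gs.hasRole('specific_group_manager')) { return false; }
  return userHasRole(GR, 'specific_group', callerId);
}

// Constructed viewers standing in for gs.
var manager = { hasRole: function (r) { return r === 'specific_group_manager'; } };
var other = { hasRole: function () { return false; } };

console.log(canReadIncident(manager, FakeGlideRecord, 'u_alice')); // caller in group
console.log(canReadIncident(manager, FakeGlideRecord, 'u_bob'));   // caller not in group
console.log(canReadIncident(manager, FakeGlideRecord, ''));        // no caller set
console.log(canReadIncident(other, FakeGlideRecord, 'u_alice'));   // viewer not a manager
```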