Role permissions

Nataliia_Lova
Tera Guru

Hi folks!
I'm new to ServiceNow development and am creating my first scoped app. The requirements for roles are: a user role who can read; an agent who can create, write and read; an admin role who can read, write, create and delete. I also have requirements for users in the "Caller", "Opened for", and "Watch List" fields:
These users should always be granted read permissions to their own requests.

Where can I adjust this last requirement?

1 ACCEPTED SOLUTION

Hi @Nataliia_Lova,

You will need to create a read ACL with the Advanced checkbox set to true.

You can then add the code below to the script section of the ACL.

// Deny by default; grant read only when the current user is named on the record
answer = false;

var currentUserId = gs.getUserID();
// Check if the user is the one the case was opened for
if (!gs.nil(current.opened_for) && current.getValue("opened_for") == currentUserId) {
    answer = true;
}
// Check if the user is in the watch list field (a comma-separated string of sys_ids)
if (!gs.nil(current.watch_list) && current.getValue("watch_list").indexOf(currentUserId) > -1) {
    answer = true;
}

// Check if the user is in the caller field
if (!gs.nil(current.caller) && current.getValue("caller") == currentUserId) {
    answer = true;
}


This should solve your issue with run time access.

Please mark helpful if this helped or accept the solution if it solved your query.

 

Thanks,
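
The read decision described in this answer, as an added example that is not part of the original post and not ServiceNow platform code: a plain-JavaScript model that can be run offline to check who ends up with read access. The role names, the sys_ids, the exact-match split of the watch list, and the simplified rule that one passing read ACL is enough (with the requester ACL carrying no role) are assumptions.

```javascript
// Added example: offline model of the read decision, not ServiceNow platform code.
// Role names and sys_ids are constructed placeholders.

// The answer's script logic as a pure function over plain field values.
function isRequester(record, userId) {
  if (!userId) return false; // an empty user id must never match an empty field
  const watchers = (record.watch_list || "")
    .split(",").map(s => s.trim()).filter(Boolean); // comma-separated sys_ids
  return record.opened_for === userId ||
         record.caller === userId ||
         watchers.includes(userId); // exact match per entry
}

// Assumed simplified evaluation: inside one ACL the role check and the script
// must both pass; across read ACLs on the same table, one passing ACL is enough.
function canRead(user, record, acls) {
  return acls.some(acl => {
    const roleOk = acl.roles.length === 0 || acl.roles.some(r => user.roles.includes(r));
    const scriptOk = acl.script ? acl.script(record, user.id) === true : true;
    return roleOk && scriptOk;
  });
}

const READ_ACLS = [
  { roles: ["x_app.user", "x_app.agent", "x_app.admin"], script: null }, // role-based read
  { roles: [], script: isRequester },                                     // requester read
];

// Constructed sample data
const ALICE = "a".repeat(32), BOB = "b".repeat(32), CAROL = "c".repeat(32);
const request = { opened_for: ALICE, caller: "", watch_list: `${BOB}, ${"d".repeat(32)}` };
const noRole = id => ({ id, roles: [] });

function demo() {
  return {
    openedFor: canRead(noRole(ALICE), request, READ_ACLS),
    watcher: canRead(noRole(BOB), request, READ_ACLS),
    stranger: canRead(noRole(CAROL), request, READ_ACLS),
    agent: canRead({ id: CAROL, roles: ["x_app.agent"] }, request, READ_ACLS),
    emptyRecord: canRead(noRole(ALICE), { opened_for: "", caller: "", watch_list: "" }, READ_ACLS),
  };
}
console.log(demo());
```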


4 REPLIES

Dr Atul G- LNG
Tera Patron

Hi @Nataliia_Lova

I'm new in ServiceNow Development and creating my first scoped app.

The requirements for roles are: a user role who can read,

Atul: See, when you create the scoped app, you get a few roles OOTB.

Example from Global Scope

an agent who can create, write and read, admin role who can read, write, create and delete,

Atul: Give all roles to user created as above.

also I have requirements for Users in "Caller," "Opened for," and "Watch List" Fields:
These users should always be granted read permissions to their own requests.

Atul: Caller / Opened For / Watch List is always dynamic; you may need to create a script which provides run-time access, but the roles will be like above.

Where can I adjust this last requirement?

*************************************************************************************************************
If my response proves useful, please indicate its helpfulness by selecting " Accept as Solution" and " Helpful." This action benefits both the community and me.

Regards
Dr. Atul G. - Learn N Grow Together
ServiceNow Techno - Functional Trainer
LinkedIn: https://www.linkedin.com/in/dratulgrover
YouTube: https://www.youtube.com/@LearnNGrowTogetherwithAtulG
Topmate: https://topmate.io/atul_grover_lng [ Connect for 1-1 Session]

****************************************************************************************************************


OK, could you suggest where I can get information about how to create a script that provides run-time access?

 

Hi @Nataliia_Lova

I am not a big or small coder, so it is something I can't help much with, but here is the idea:

- Create a Business Rule (Query type)

- Check whether the logged-in user is the Caller / Opened For or in the Watch List

- If yes, make record read only.

You can search this code and make changes easily.

