Script Assistance on "isMemberOf" functionality on Scoped app
02-19-2021 06:01 PM
Hello,
I've been trying to reproduce the isMemberOf functionality in an ACL of a scoped app. What I'm trying to do is limit access to Cases where the company is "X" to members of a certain group.
I referred to a solution provided by SN here: https://docs.servicenow.com/bundle/orlando-security-management/page/product/secops-integration-vr/qualys/concept/advanced-modifications.html I have made a couple of minor adjustments to the script for my purposes and am seeing conflicting information. It's a fairly straightforward script. Just a GlideRecord query that returns true or false based on group membership.
- As admin: I see all Cases, including the Cases where company is the one I am filtering on (This is correct.)
- When I impersonate a user who should not have access, I get what I expect: rows removed by security. (This is correct.)
- When I impersonate a user who is a member of the group, the rows are still removed, but there is no message saying they were removed by security...but they still aren't there. (This is NOT correct. These Cases should all be read only.)
So I believe the criteria is being met as it does not report removing the rows - however it is failing to make the content available as it does when I am admin. I can see it evaluate as false according to a security debug - but I think this is because the return answer of false is not making it.
Here's the script of the Read Only ACL:
answer = isMemberOfForScopedApp();
// Note: standard 'isMemberOf' does not work within Scoped App
// gs.getUser().isMemberOf(current.assignment_group);
function isMemberOfForScopedApp(){
    var result = false;
    var groupID2 = "X"; // Group: Company X - this is the sys_ID of the company I am trying to filter out.
    var userID = gs.getUserID();
    //gs.info ("User Id is: " + userID);
    var mem = new GlideRecord("sys_user_grmember");
    mem.addQuery("group", groupID2);
    mem.addQuery("user", userID);
    mem.query();
    if (mem.next()){
        //gs.info ("Membership found. Setting result to true.");
        result = true;
    }
}
Why isn't this working?
Thank you,
Robert
02-19-2021 10:27 PM
Use
var currentUser = gs.getUser();
var userID = currentUser.getID();
02-22-2021 08:22 AM
Hi Pranesh,
Thank you. This seems to be returning the same value and experiencing the same thing.
I believe the group membership is being found...and there is a change in user experience - as in, there is no message reading that rows were removed by security restraints as there are for other users - but the records still aren't visible.
Regards,
Robert
02-22-2021 08:56 AM
You are not returning any value from the function.
answer = isMemberOfForScopedApp();
function isMemberOfForScopedApp(){
    var result = false;
    var groupID2 = "X"; // Group: Company X - this is the sys_ID of the company I am trying to filter out.
    //var userID = gs.getUserID();
    var currentUser = gs.getUser();
    var userID = currentUser.getID();
    //gs.info ("User Id is: " + userID);
    var mem = new GlideRecord("sys_user_grmember");
    mem.addQuery("group", groupID2);
    mem.addQuery("user", userID);
    mem.query();
    if (mem.next()){
        //gs.info ("Membership found. Setting result to true.");
        result = true;
    }
    return result;
}
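
The difference between the two scripts in this thread, as an added example that is not part of any poster's code: the version without `return` hands `undefined` to `answer` even for a group member, while the corrected version returns a strict boolean. Assumptions: `GlideRecordStub`, `gsFor`, `checkWithoutReturn` and the sample sys_ids are constructed so the check runs outside the platform, and `GlideRecord` and `gs` are passed as parameters only to make the function testable.

```javascript
// Constructed sample rows standing in for the sys_user_grmember table.
const ROWS = [
  { group: "grp_company_x", user: "usr_alice" },
  { group: "grp_other", user: "usr_bob" },
];

// Stub of the GlideRecord calls used in the thread (not the platform class).
class GlideRecordStub {
  constructor(table) { this.table = table; this.filters = {}; this.limit = Infinity; this.hits = []; }
  addQuery(field, value) { this.filters[field] = value; }
  setLimit(n) { this.limit = n; }
  query() {
    const wanted = Object.entries(this.filters);
    this.hits = ROWS.filter(r => wanted.every(([f, v]) => r[f] === v)).slice(0, this.limit);
  }
  next() { return this.hits.shift() !== undefined; }
}

// Stub of gs for a given user sys_id (hypothetical helper).
const gsFor = userId => ({ getUserID: () => userId });

// The script as first posted: result is set but never returned.
function checkWithoutReturn(GlideRecord, gs, groupId) {
  var result = false;
  var mem = new GlideRecord("sys_user_grmember");
  mem.addQuery("group", groupId);
  mem.addQuery("user", gs.getUserID());
  mem.query();
  if (mem.next()) { result = true; }
}

// Corrected form: always returns a strict boolean and denies on missing input.
function isMemberOfForScopedApp(GlideRecord, gs, groupId) {
  var userId = gs.getUserID();
  if (!groupId || !userId) { return false; }
  var mem = new GlideRecord("sys_user_grmember");
  mem.addQuery("group", groupId);
  mem.addQuery("user", userId);
  mem.setLimit(1); // one matching row is enough to decide
  mem.query();
  return mem.next();
}

// In an ACL script the platform globals are passed straight through:
// answer = isMemberOfForScopedApp(GlideRecord, gs, "<group sys_id>");
```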

02-22-2021 08:30 AM
Why can't you use isMemberOf?
That would eliminate the GlideRecord query. I know you said it doesn't work but can I see how you are writing the whole script with it not working?