Script Hellp!!

Go to solution
vidishaagarwal5
Tera Expert

yesterday

I need to Allow user to generate "Security Incident" via normal Incident record but we have to make sure that logged in user has access to "Security Incident" Table?

0 Helpfuls
  • 152 Views
3 ACCEPTED SOLUTIONS

Go to solution
Ravi Gaurav
Giga Sage
Giga Sage

yesterday

Hi @vidishaagarwal5 

 

There are two methods to verify users access for any glide record.

1. Use GlideRecordSecure API while creating security incident. This API implicitly verifies if user passes ACL access on table.
2. Use canRead or canWrite function. These functions implicitly verifies if logged in user satisfies ACL access.

--------------------------------------------------------------------------------------------------------------------------


If you found my response helpful, I would greatly appreciate it if you could mark it as "Accepted Solution" and "Helpful."
Your support not only benefits the community but also encourages me to continue assisting. Thank you so much!

Thanks and Regards
Ravi Gaurav | ServiceNow MVP 2025,2024 | ServiceNow Practice Lead | Solution Architect
CGI
M.Tech in Data Science & AI

 YouTube: https://www.youtube.com/@learnservicenowwithravi
 LinkedIn: https://www.linkedin.com/in/ravi-gaurav-a67542aa/

View solution in original post

0 Helpfuls

Go to solution
Ravi Gaurav
Giga Sage
Giga Sage
In response to Ravi Gaurav

yesterday

or you can opt the below options:

 

 

Option 1: Use gs.hasRole() if specific role exists

If your instance uses a dedicated role like sn_si.security_incident_writer or sn_si.admin, then your UI Action’s Condition field can simply check that:

 

 
gs.hasRole('sn_si.security_incident_writer') || gs.hasRole('sn_si.admin')

This ensures only users with proper Security Incident access see or use the button.

Option 2: Use ACL-based table access check

If access is more dynamic (driven by ACLs rather than roles), then you can check access programmatically in your script.

Example (in your UI Action script):

 

 
if (!gs.hasRole('sn_si.security_incident_writer')) { var canAccess = GlideTableDescriptor.get('sn_si_incident').canWrite(); if (!canAccess) { gs.addErrorMessage('You do not have permission to create a Security Incident.'); action.setRedirectURL(current); return; } } // Proceed to create the Security Incident var si = new GlideRecord('sn_si_incident'); si.initialize(); si.short_description = current.short_description; si.caller = current.caller; si.description = current.description; si.insert(); gs.addInfoMessage('Security Incident ' + si.number + ' has been created.'); action.setRedirectURL(si);

Option 3: Hide or disable the UI Action entirely

If you want the “Create Security Incident” button to only appear for users with access:

Set the Condition on the UI Action as:

 

 
GlideTableDescriptor.get('sn_si_incident').canCreate()
--------------------------------------------------------------------------------------------------------------------------


If you found my response helpful, I would greatly appreciate it if you could mark it as "Accepted Solution" and "Helpful."
Your support not only benefits the community but also encourages me to continue assisting. Thank you so much!

Thanks and Regards
Ravi Gaurav | ServiceNow MVP 2025,2024 | ServiceNow Practice Lead | Solution Architect
CGI
M.Tech in Data Science & AI

 YouTube: https://www.youtube.com/@learnservicenowwithravi
 LinkedIn: https://www.linkedin.com/in/ravi-gaurav-a67542aa/

View solution in original post

0 Helpfuls

Go to solution
Sarthak Kashyap
Tera Guru

yesterday

Hi @vidishaagarwal5 ,

 


Please try below solution

Create a Before BR where table is Incident, After insert and advance checked and add below code 

 

(function executeRule(current, previous /*null when async*/) {

    var siGR = new GlideRecordSecure('sn_si_incident');
    if (!siGR.canCreate()) {
        gs.info('User does not have permission to create Security Incident.');
        return;
    }

    var si = new GlideRecord('sn_si_incident');
    si.initialize();
    si.short_description = current.short_description;
    si.description = current.description;
    si.caller = current.caller_id;
    si.source_incident = current.sys_id; 
    var newSI = si.insert();

    current.u_related_security_incident = newSI;

    gs.info('Security Incident created: ' + newSI);

})(current, previous);

 

Please mark my answer correct and helpful if this works for you

Thanks and Regards,

Sarthak

 

View solution in original post

0 Helpfuls
3 REPLIES 3

Go to solution
Ravi Gaurav
Giga Sage
Giga Sage

yesterday

Hi @vidishaagarwal5 

 

There are two methods to verify users access for any glide record.

1. Use GlideRecordSecure API while creating security incident. This API implicitly verifies if user passes ACL access on table.
2. Use canRead or canWrite function. These functions implicitly verifies if logged in user satisfies ACL access.

--------------------------------------------------------------------------------------------------------------------------


If you found my response helpful, I would greatly appreciate it if you could mark it as "Accepted Solution" and "Helpful."
Your support not only benefits the community but also encourages me to continue assisting. Thank you so much!

Thanks and Regards
Ravi Gaurav | ServiceNow MVP 2025,2024 | ServiceNow Practice Lead | Solution Architect
CGI
M.Tech in Data Science & AI

 YouTube: https://www.youtube.com/@learnservicenowwithravi
 LinkedIn: https://www.linkedin.com/in/ravi-gaurav-a67542aa/
0 Helpfuls

Go to solution
Ravi Gaurav
Giga Sage
Giga Sage
In response to Ravi Gaurav

yesterday

or you can opt the below options:

 

 

Option 1: Use gs.hasRole() if specific role exists

If your instance uses a dedicated role like sn_si.security_incident_writer or sn_si.admin, then your UI Action’s Condition field can simply check that:

 

 
gs.hasRole('sn_si.security_incident_writer') || gs.hasRole('sn_si.admin')

This ensures only users with proper Security Incident access see or use the button.

Option 2: Use ACL-based table access check

If access is more dynamic (driven by ACLs rather than roles), then you can check access programmatically in your script.

Example (in your UI Action script):

 

 
if (!gs.hasRole('sn_si.security_incident_writer')) { var canAccess = GlideTableDescriptor.get('sn_si_incident').canWrite(); if (!canAccess) { gs.addErrorMessage('You do not have permission to create a Security Incident.'); action.setRedirectURL(current); return; } } // Proceed to create the Security Incident var si = new GlideRecord('sn_si_incident'); si.initialize(); si.short_description = current.short_description; si.caller = current.caller; si.description = current.description; si.insert(); gs.addInfoMessage('Security Incident ' + si.number + ' has been created.'); action.setRedirectURL(si);

Option 3: Hide or disable the UI Action entirely

If you want the “Create Security Incident” button to only appear for users with access:

Set the Condition on the UI Action as:

 

 
GlideTableDescriptor.get('sn_si_incident').canCreate()
--------------------------------------------------------------------------------------------------------------------------


If you found my response helpful, I would greatly appreciate it if you could mark it as "Accepted Solution" and "Helpful."
Your support not only benefits the community but also encourages me to continue assisting. Thank you so much!

Thanks and Regards
Ravi Gaurav | ServiceNow MVP 2025,2024 | ServiceNow Practice Lead | Solution Architect
CGI
M.Tech in Data Science & AI

 YouTube: https://www.youtube.com/@learnservicenowwithravi
 LinkedIn: https://www.linkedin.com/in/ravi-gaurav-a67542aa/
0 Helpfuls

Go to solution
Sarthak Kashyap
Tera Guru

yesterday

Hi @vidishaagarwal5 ,

 


Please try below solution

Create a Before BR where table is Incident, After insert and advance checked and add below code 

 

(function executeRule(current, previous /*null when async*/) {

    var siGR = new GlideRecordSecure('sn_si_incident');
    if (!siGR.canCreate()) {
        gs.info('User does not have permission to create Security Incident.');
        return;
    }

    var si = new GlideRecord('sn_si_incident');
    si.initialize();
    si.short_description = current.short_description;
    si.description = current.description;
    si.caller = current.caller_id;
    si.source_incident = current.sys_id; 
    var newSI = si.insert();

    current.u_related_security_incident = newSI;

    gs.info('Security Incident created: ' + newSI);

})(current, previous);

 

Please mark my answer correct and helpful if this works for you

Thanks and Regards,

Sarthak

 

0 Helpfuls