Join the #BuildWithBuildAgent Challenge! Get recognized, earn exclusive swag, and inspire the ServiceNow Community with what you can build using Build Agent.  Join the Challenge.

Script Hellp!!

Go to solution
vidishaagarwal5
Tera Expert

4 weeks ago

I need to Allow user to generate "Security Incident" via normal Incident record but we have to make sure that logged in user has access to "Security Incident" Table?

0 Helpfuls
  • 2,307 Views
3 ACCEPTED SOLUTIONS

Go to solution
Ravi Gaurav
Giga Sage
Giga Sage

4 weeks ago

Hi @vidishaagarwal5 

 

There are two methods to verify users access for any glide record.

1. Use GlideRecordSecure API while creating security incident. This API implicitly verifies if user passes ACL access on table.
2. Use canRead or canWrite function. These functions implicitly verifies if logged in user satisfies ACL access.

--------------------------------------------------------------------------------------------------------------------------


If you found my response helpful, I would greatly appreciate it if you could mark it as "Accepted Solution" and "Helpful."
Your support not only benefits the community but also encourages me to continue assisting. Thank you so much!

Thanks and Regards
Ravi Gaurav | ServiceNow MVP 2025,2024 | ServiceNow Practice Lead | Solution Architect
CGI
M.Tech in Data Science & AI

 YouTube: https://www.youtube.com/@learnservicenowwithravi
 LinkedIn: https://www.linkedin.com/in/ravi-gaurav-a67542aa/

View solution in original post

0 Helpfuls

Go to solution
Ravi Gaurav
Giga Sage
Giga Sage
In response to Ravi Gaurav

4 weeks ago - last edited 3 weeks ago

or you can opt the below options:

 

 

Option 1: Use gs.hasRole() if specific role exists

If your instance uses a dedicated role like sn_si..special_access_write_manager or sn_si.admin, then your UI Action’s Condition field can simply check that:

 

 
gs.hasRole('sn_si..special_access_write_manage') || gs.hasRole('sn_si.admin')

This ensures only users with proper Security Incident access see or use the button.

Option 2: Use ACL-based table access check

If access is more dynamic (driven by ACLs rather than roles), then you can check access programmatically in your script.

Example (in your UI Action script):

 

 
if (!gs.hasRole('sn_si.admin')) { var canAccess = GlideTableDescriptor.get('sn_si_incident').canWrite(); if (!canAccess) { gs.addErrorMessage('You do not have permission to create a Security Incident.'); action.setRedirectURL(current); return; } } // Proceed to create the Security Incident var si = new GlideRecord('sn_si_incident'); si.initialize(); si.short_description = current.short_description; si.caller = current.caller; si.description = current.description; si.insert(); gs.addInfoMessage('Security Incident ' + si.number + ' has been created.'); action.setRedirectURL(si);

Option 3: Hide or disable the UI Action entirely

If you want the “Create Security Incident” button to only appear for users with access:

Set the Condition on the UI Action as:

 

 
GlideTableDescriptor.get('sn_si_incident').canCreate()
--------------------------------------------------------------------------------------------------------------------------


If you found my response helpful, I would greatly appreciate it if you could mark it as "Accepted Solution" and "Helpful."
Your support not only benefits the community but also encourages me to continue assisting. Thank you so much!

Thanks and Regards
Ravi Gaurav | ServiceNow MVP 2025,2024 | ServiceNow Practice Lead | Solution Architect
CGI
M.Tech in Data Science & AI

 YouTube: https://www.youtube.com/@learnservicenowwithravi
 LinkedIn: https://www.linkedin.com/in/ravi-gaurav-a67542aa/

View solution in original post

0 Helpfuls

Go to solution
Sarthak Kashyap
Mega Sage

4 weeks ago

Hi @vidishaagarwal5 ,

 


Please try below solution

Create a Before BR where table is Incident, After insert and advance checked and add below code 

 

(function executeRule(current, previous /*null when async*/) {

    var siGR = new GlideRecordSecure('sn_si_incident');
    if (!siGR.canCreate()) {
        gs.info('User does not have permission to create Security Incident.');
        return;
    }

    var si = new GlideRecord('sn_si_incident');
    si.initialize();
    si.short_description = current.short_description;
    si.description = current.description;
    si.caller = current.caller_id;
    si.source_incident = current.sys_id; 
    var newSI = si.insert();

    current.u_related_security_incident = newSI;

    gs.info('Security Incident created: ' + newSI);

})(current, previous);

 

Please mark my answer correct and helpful if this works for you

Thanks and Regards,

Sarthak

 

View solution in original post

0 Helpfuls
9 REPLIES 9

Go to solution
GlideFather
Tera Patron
In response to Ravi Gaurav

3 weeks ago

Hi @Ravi Gaurav, thank you for the documentation. I am aware of that and that's actually why I was curious about the role you mentioned >>> sn_si.security_incident_writer:

 

GlideFather_0-1761996413985.png

 

Can you please share where does sn_si.security_incident_writer come from?

Thank you

 

_____
This reply is 100 % GlideFather and 0 % AI
0 Helpfuls

Go to solution
GlideFather
Tera Patron
In response to GlideFather

3 weeks ago

Please @Ravi Gaurav maybe you should inform @vidishaagarwal5 that you edited a reply which was originally accepted for the solution....

 

And when you edit your comment to hide the fact that you used non existing role, be careful about the formatting and two dots :)))

GlideFather_0-1762004466551.png



But it's really interesting that @vidishaagarwal5 asks a very general question, @Ravi Gaurav nor @Sarthak Kashyap need no further explanation of the issue, both answered a few minutes after posting a question and both deliver the exactly desired solution 😄 just wooooow! 

 

And the solution: @Ravi Gaurav replies with non existing roles and @Sarthak Kashyap with a custom field 😄 so none of your examples could work in real world... unless nobody even tried if it works but that wouldn't be nice, right? :))) 

_____
This reply is 100 % GlideFather and 0 % AI
0 Helpfuls

Go to solution
Sarthak Kashyap
Mega Sage

4 weeks ago

Hi @vidishaagarwal5 ,

 


Please try below solution

Create a Before BR where table is Incident, After insert and advance checked and add below code 

 

(function executeRule(current, previous /*null when async*/) {

    var siGR = new GlideRecordSecure('sn_si_incident');
    if (!siGR.canCreate()) {
        gs.info('User does not have permission to create Security Incident.');
        return;
    }

    var si = new GlideRecord('sn_si_incident');
    si.initialize();
    si.short_description = current.short_description;
    si.description = current.description;
    si.caller = current.caller_id;
    si.source_incident = current.sys_id; 
    var newSI = si.insert();

    current.u_related_security_incident = newSI;

    gs.info('Security Incident created: ' + newSI);

})(current, previous);

 

Please mark my answer correct and helpful if this works for you

Thanks and Regards,

Sarthak

 

0 Helpfuls

Go to solution
GlideFather
Tera Patron
In response to Sarthak Kashyap

3 weeks ago

Hi @Sarthak Kashyap,

the following field is custom, no?

u_related_security_incident

 

How did you know that @vidishaagarwal5 uses a custom field without telling you about it? You can read minds? 😮 

 

_____
This reply is 100 % GlideFather and 0 % AI
0 Helpfuls

Go to solution
Sarthak Kashyap
Mega Sage
In response to GlideFather

3 weeks ago

@GlideFather ,

 

I can create some custom feilds and store the reference, this is very general thing.

0 Helpfuls