Script Include returning null for a user who is not an administrator of the instance

Mayuran Anantha · ‎10-29-2019

Hi All,

We have an issue where we have noticed when impersonating non-admin users (as part of our testing for development of our scoped application), that our Script Include is returning 'null' (instead of the expected full name of the assignee). However, when using the application logged in as ourselves (administrators for our instance), the Script Include works perfectly fine!

We are developing a scoped application, where one our divisions can raise and manage cases. We have developed the ability to 'auto-assign' a case by selecting the 'Category' and 'Deal Name' fields within the case form (the view for our Case table, which inherits from Task). Essentially, by picking a category and deal name, the form will automatically populate the 'Assign to' field (and set the assignee of the case).

A client script is executed during the 'on change' of the 'Deal Name' field (a reference field to the 'Deal Name' table). and passes the sys_id of the deal name and category value to the Script Include. The Script Include then uses these values to perform GlideRecord lookups on the Deal (and Users) tables, so that the correct person (for the entered 'Deal Name') is then retrieved from the Deal Name table, and passed back to the Client Script so that it can be then set within the 'Assigned to' field of the case form.

Whilst this all worked perfectly, we have noticed that when impersonating users who are NOT administrators of the instance, the Script Include is returning null (we confirmed by adding an alert debugging statement in the Client Script).

Is there any reason why this would be the case?

Please can you help?

... I have attached both the Client Script and Script Include code below for your reference.

Client Script (called 'Set Assigned To based on Category'):-
-----------------------------------------------------------

// Wrap the client-side code in an onChange() function call
function onChange(control, oldValue, newValue, isLoading, isTemplate) {

// If the new value within 'Category' field is loading or empty or has not changed, then exit this Client Script
if (isLoading || newValue === '' || newValue == oldValue) {
return;
}

// Instantiate the GetIbaAssignedTo Script Include
var getIbaAssignedTo = new GlideAjax('GetIbaAssignedTo');
// Specify which getIbaAssignedTo function to call
getIbaAssignedTo.addParam('sysparm_name', 'getIbaAssignedTo');
// Pass the sys id of the actual case record
getIbaAssignedTo.addParam('sysparm_caseRecord', g_form.getUniqueValue());
// Pass the corresponding table stored numeric value (i.e. '1', '2', or '3') selected within the 'category' field for the case record
getIbaAssignedTo.addParam('sysparm_categoryValue', g_form.getValue('category'));
// Pass the sys id of the actual deal (displayed within the 'Deal Information' section) within the case record
getIbaAssignedTo.addParam('sysparm_dealRecord', g_form.getValue('u_deal_name'));

// Send the request to the server
getIbaAssignedTo.getXML(populateAssignedToField);

// Function call to retrieve the value from the Script Include
// Extract the 'Assigned To' value from the response, clear any existing value from the 'Assigned To' field,
// and then set the new value within the 'Assigned To' field (if a value has actually been returned)
function populateAssignedToField(response) {

// Store the 'answer' value (containing the assignee) from the returned XML
var assignedToValueFromScriptInclude = response.responseXML.documentElement.getAttribute("answer");

alert('Script include returns: ' + assignedToValueFromScriptInclude);

// Clear any existing values within the 'Assigned To' field for the case record form
g_form.clearValue('assigned_to');

// If there is a value returned from the Script Include, then set the form to contain that value
if(assignedToValueFromScriptInclude != "") {
g_form.setValue('assigned_to',assignedToValueFromScriptInclude);
}
// Otherwise, if there is nothing returned from the Script Include, then set an error message and alert to display
else {
g_form.setValue('assigned_to','It did not work!!!');
}
}
}
-----------------------------------------------------------

Script Include (called 'GetIbaAssignedTo'):-
-----------------------------------------------------------

// Create a new GetIbaAssignedTo class
var GetIbaAssignedTo = Class.create();

// Create a new GetIbaAssignedTo object, but extend ServiceNow's baseline AJAX processor Class (i.e. inherit all that class' functionality too) to be able to // make AJAX calls from Client Scripts.
GetIbaAssignedTo.prototype = Object.extendsObject(global.AbstractAjaxProcessor, {

getIbaAssignedTo: function() {

// Store the assignee value within a variable so it can be returned at the end
// Initially stores just an empty string
var assigneeValue = '';
// Store the sys id of the assignee returned from the GlideRecord lookup (initially an empty string)
var assigneeSysId = '';

// Initialise all the Glide Records (so that tables can be accessed) and store them as variables so they can be referenced

// Case table
var caseRecord = new GlideRecord('x_insoa_investec_a_table_caa');
// Deal Names table
var dealRecord = new GlideRecord("x_insoa_investec_a_deal_name_caa");
// Users table
var userRecord = new GlideRecord("sys_user");

// Store all the values passed in from the Client Script

// Store the sys id of the current case record
var caseRecordSysId = this.getParameter('sysparm_caseRecord');
// Store the numeric value of the 'Category' field from the current case record
var categoryValue = this.getParameter('sysparm_categoryValue');
// Store the sys id of the currently displayed 'Deal ID' field within the 'Deal Information' section of the case record
var dealRecordSysId = this.getParameter('sysparm_dealRecord');

// Query the Deal Names table, process the returned record(s), and return the assignee value

// Build query condition for the Deal Names Glide record
// Return * from Deal Names table where the 'sys_id' matches the value within the 'dealRecordSysId' variable
dealRecord.addQuery('sys_id', dealRecordSysId);

// Execute the query condition, and return zero or more records from the Deal Names table that match the query
dealRecord.query();

// Access the first Deal Names record returned from executing the query condition and process it
if( dealRecord.next() ){

// Check the category, and then set the value to be returned (a Deal Manager) accordingly.

// If the 'Category' value is 'New Deal' (i.e. value 7), then set the assignee to the DM
if( categoryValue == 7 ){

// Store the sys id of the 'Deal Manager' value from the returned Deal Names record
assigneeSysId = dealRecord.deal_manager;

// Build query condition for the Users Glide record
// Return * from Users table where the 'sys_id' matches the value within the 'assigneeSysId' variable
userRecord.addQuery('sys_id', assigneeSysId);

// Execute the query condition, and return zero or more records from the Users table that match the query
userRecord.query();

// Access the first Users record returned from executing the query condition and process it
if( userRecord.next() ){

// Store the full name of the 'Deal Manager' user from the returned Users record
assigneeValue = userRecord.name;

// Return the assignee (which should be the 'Deal Manager' in this case)
return assigneeValue;
}
}

// Otherwise, return nothing!
else{
return assigneeValue;
}

}
// Otherwise, if there were no matching records within the Deal Names table, then return a message explaining this
else{
return 'The deal table lookup returned no records!!!';
}
},

type: 'GetIbaAssignedTo'
});

-----------------------------------------------------------

Thank you kindly,

Mayuran

James Gragston · ‎10-30-2019

Hey Mayuran Anantharajan,

If your script include is working while you're signed in as an admin but not for any other user, that would suggest that there's an access issue.

The second check that runs in your script include is not evaluating to True and the 'else' stmt is running:

So, if you're returning 'null', it means you're finding a dealRecord but not the categoryValue. To make sure of this, I would populate the 'assigneeValue' with a default value at the top of your script and see if this default value is returned while you're impersonating another user.

Then, I would hard code a value(7) into the categoryValue to test further that this variable is in fact the issue. If this is the problem, I would check that there are no field ACL's preventing access to non-admins or Query/Before Business rules doing a check for the user's role or group affiliation to access this field data.

Debugging ACLs

Log In as Admin User
Navigate to System Security > Debug Security Rules
Impersonate the user you want to have access
Navigate to the table

Further concerns:

You mentioned that you have an 'On Change' client script on the deal_name field but do you have anything to check to see if the category_value was populated?

If the user enters a deal_name value but doesn't populate the category_value field, your script will not carry that value over and your second 'if' condition will continue to evaluate to false. This may be an issue you'll want to mitigate if you haven't already.

I would hide the deal_name field on the form with a UI Policy until the category_value is populated so that users can't populate one and not the other.

Hope this answer helped or solved your problem. If so, please mark it as such. Thanks!

James Gragston | Developer at CloudPires

5721 Dragon Way | Suite 118
Cincinnati, OH 45227
CloudPires.com