Should Not Available For evaluate to true or false?

Go to solution
kim-lindgren
Kilo Sage

‎02-06-2024 09:06 AM

If I put a user criteria with a script under Not Available For, will users be restricted when it evaluates to true or when it evaluates to false?

 

It might seem self-evident that the restriction happens when the script evaluates to true, but my instance is seemingly behaving the opposite way in one case, so I thought I'd ask for an authoritative answer.

 

Many thanks,

Kim

0 Helpfuls
  • 948 Views
1 ACCEPTED SOLUTION

Go to solution
Robbie
Kilo Patron
Kilo Patron
In response to kim-lindgren

‎02-07-2024 08:00 AM - edited ‎02-07-2024 08:12 AM

Hi @kim-lindgren,

 

Here's how I've just confirmed that 'answer = true;' does indeed block access - see the below screenshot.

Essentially, strip back the logic to confirm.

I added this User Criteria to a standard Catalog Item and added this under the 'Not Available For' against an item. I checked that when set to true, the user could not see the item. When set to false, the user could see the item. 

As an FYI, whilst in the script itself there is the below statement, I did have to clear the cache to confirm as I too was getting indifferent results until I cleared the cache and also logged out and logged back in.

I did say they were 'fun' didn't I. 

"Scripted User Criteria is not cached, and evaluated everytime, so performance is dependent on the script."

 

Also, as per the guidance, remove the statement: !gs.getUser().isMemberOf("GROUP");

You're going to have to user the 'user_name' object (which is the sys_id of the user which the evaluation is against.

 

To help others (or for me to help you more directly), please mark this response correct by clicking on Accept as Solution and/or Helpful.

 

Thanks, Robbie

 
 
Screenshot 2024-02-07 at 15.42.18.png

View solution in original post

6 REPLIES 6

Go to solution
Robbie
Kilo Patron
Kilo Patron

‎02-07-2024 04:48 AM

Hi @kim-lindgren,

 

Working with the advanced scripting can be 'fun' at times, so you're not alone.

I can confirm that when the function returns true, ('answer = true' to be specific), the user(s)/group(s) etc will have access. Returning false will block access.

There's a tip I would like you to take note of when testing, and that's the 'Match All' check box. Depending on whether this is checked (true) or unchecked (false) has an effect.

 

SN's official blurb and guidance to this checkbox which is defaulted to false: "If set to true, only users who match an element of each condition are given access. If set to false, at least one of the set conditions should be met in order to allow access to the user."

 

Also make sure you follow the guidance in the Advanced Script area about not using the 'current' object or 'gs.getUser()` or `gs.getUserID()`. 

The script is looking for the answer to be set to either true or false

Eg: answer = false;

 

To help others (or for me to help you more directly), please mark this response correct by clicking on Accept as Solution and/or Helpful.

 

Thanks, Robbie

Go to solution
Sandeep Rajput
Tera Patron
Tera Patron

‎02-07-2024 05:03 AM

@kim-lindgren Could you please share your script and user criteria snap-shot. Also, can you confirm if Match all is set to false? Ideally, the restriction should take place when the script returns true. 

 

This is what servicenow docs says about Script field.

 

Screenshot 2024-02-07 at 6.31.05 PM.png

Here is what it says about Match All.

 

Screenshot 2024-02-07 at 6.31.52 PM.png

Source:https://docs.servicenow.com/bundle/vancouver-employee-service-management/page/product/wsd-reservatio...

Go to solution
kim-lindgren
Kilo Sage

‎02-07-2024 07:35 AM

@Robbie, you wrote:

I can confirm that when the function returns true, ('answer = true' to be specific), the user(s)/group(s) etc will have access. Returning false will block access.

@Sandeep Rajput , you wrote:

 

Could you please share your script and user criteria snap-shot. Also, can you confirm if Match all is set to false? Ideally, the restriction should take place when the script returns true. 

 

I believe you are contradicting each other here? Which one is correct? I can add that:

  • Match All is checked and the other condition for this User Criteria is that the user belong to a particular company.
  • gs.getUser() is used in the script, thanks for pointing that out, I am not using some "diagnostic tools" though (unless impersonation is a diagnostic tool?) so I don't think it affects the outcomes.

 

I also note the documentation says that the evaluation is cached so any change in the script requires you log in again - thanks for pointing this out, it could be part of the explanation for my contradictory results.

 

For clarity, this is the script line:

answer = !gs.getUser().isMemberOf("GROUP");

 

My guess is that, because Match All is checked, there is a contradiction between the group check and the company check, so the user criteria is never met. 

 

I will have to test more later, but for now it would be interesting to see if we can come to a conclusion on what should be the correct impact of a false answer in Not Available For.

 

Go to solution
Sandeep Rajput
Tera Patron
Tera Patron
In response to kim-lindgren

‎02-07-2024 07:41 AM

@kim-lindgren Thanks for sharing the detailed reply, since Match All is checked the user criteria will try to match all the conditions including script. 

 

As rightly pointed by you, if there are contradicting conditions and Match All is true the user criteria will never met

 

I am eagerly awaiting the result of your tests.