Store Certification Best Practice: Making a Global Field Read-Only from a Scoped App
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
yesterday
Hi everyone,
I am building a scoped application intended for the ServiceNow Store. The app creates tickets on the standard global change_request table.
The Requirement
I need to make the global assignment_group field read-only on the Change Request form, but only for users who possess my app’s custom scoped role (x_paan_scm_cr.change_request_user). If they have the itil role, the field should remain editable.
I have robust server-side security (a Scoped Business Rule) that successfully blocks the database update, but I am struggling to find a Store-certifiable way to handle the visual UI restriction on the form.
What I have tried (and why it fails):
Scoped UI Policy / Scoped Client Script: When I try to run g_form.setReadOnly('assignment_group', true) from within my scope, it either gets immediately overridden by OOTB global UI policies, or it throws a UI16 cross-scope access denied error because my scoped app is trying to manipulate a global field's DOM state.
Global Client Script: If I switch to the Global scope and write the Client Script there, it works perfectly. However, my understanding is that packaging a Global Client Script inside a scoped Store App is a major red flag that will fail certification.
Modifying Baseline ACLs: I have seen suggestions to modify the OOTB change_request ACLs, but I cannot do this, as altering baseline global security rules is forbidden for Store apps and causes upgrade conflicts for the customer.
