To hide certain Configuration Items from selection for specific role users

rishabh31
Mega Sage

‎02-21-2024 04:10 AM

Team,

I need help with Before Query BR. Requirement: Users having roles 'itil' should not be able to view a few 'Configuration Items' upon its selection through the 'Configuration Item (cmdb_ci)' field on Incident, Change Request Records (as shown in the below screenshots).

 

rishabh31_0-1708516830927.pngrishabh31_1-1708516867213.png

 

Need to hide below 3 yellow highlighted Configuration items on selection through above cmdb_ci field on Incident and change request tables for ITIL users but users with the admin role can view and select these 3 below CIs.

rishabh31_2-1708517093104.png

Please help with the requirement.

 

Thanks

0 Helpfuls
  • 324 Views
3 REPLIES 3

Mark Manders
Mega Patron

‎02-21-2024 04:34 AM

Why use a query BR? Just create a read ACL on the table with condition that only admin can read these three.

 

It is weird that an admin can add them to an incident or change, since an admin is not part of the ITIL process, but whatever the reason: you will let the ACL take care of what they can choose from in the list. And if it's really just on the INC and CHG records for the cmdb_ci field (so they can see it if the look at the cmdb_ci list, then put a reference qualifier in their, excluding those three items.


Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark
0 Helpfuls

rishabh31
Mega Sage
In response to Mark Manders

‎02-21-2024 05:27 AM

Thanks @Mark Manders Sir for your inputs, I understand this can be achieved through ACLs but could you please help me with the below Before query BR

rishabh31_0-1708520787258.png

 

(function executeRule(current, previous /*null when async*/ ) {
    // See if the user has the itil role.
    var itil = gs.getUser().hasRole('itil');
    if (itil == true) {
        current.addEncodedQuery('name!=*CAROL3-GATEWAY^name!=*MACBOOK-AIR-13^name!=*DAVIN-IBM');
    }
})(current, previous);

 

 

The above script is working as desired for ITIL users but fails when any user has the role 'admin'. I mean if any user has both ITIL and admin roles then it still hides the 3 CIs but I want these 3 to hide only when logged in user has 'itil' regardless of user contains 'admin' role as well. I used 'hasRoleExactly' but still not working

 Could you please help here

0 Helpfuls

Mark Manders
Mega Patron
In response to rishabh31

‎02-21-2024 10:52 PM

You BR only checks on the ITIL role and nothing else. If you add the conditions that the rule should only run when the user does not have the admin role, you're there. Just remember that you can have many ACL's for doing something, but only one Query BR on a table. Any other additions will have to be done to the same rule. I don't see any reason to use a Query BR if you are just wanting to hide the option to choose the record on a form.


Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark
0 Helpfuls