Using data filtration to limit user to create and read incidents from an assignment group

snow2p
Tera Expert

Hi,

I'm using data filtration and can't quite figure out how to limit the scope of the user (with custom role ticketIntegration) to only see incidents of a particular assignment group or create incidents with a particular assignment group integration_sync.

 

Basically, I set up the data filtration to be:

Data condition -- Assignment group is integration_sync

Subject Role -- Subject role is ticketIntegration OR Subject role is itil

Security Attribute Condition -- Role is ticketIntegration 

 

The user is able to still see all incidents. I'm tweaking a whole bunch of stuff so hopefully I didn't tweak a config that prevents what I'm trying to do.

 

Can this be done with data filtration? I would like to avoid any scripting to make sure the configuration can be handed off to an admin who does not know scripting.

2 REPLIES

snow2p
Tera Expert

Here's a screenshot. I've read many of the data filtration posts, and some of them are conflicting in terms of using "is" vs. "is not". If someone has clarification please advise.

snow2p_0-1735325434362.png

I tried to use the example at https://www.servicenow.com/community/developer-articles/data-filtration-in-servicenow-vs-acl-step-by... but my data filtration juju is not strong enough.

 

snow2p
Tera Expert

To update this question, I was able to implement a "no-code" way to prevent users with a particular role from creating incidents that did not have the right assignment group (screenshot below). I had to use a business rule that checked both the assignment group and updater (updated by). The BR works for both creating and updating, since when an incident is created, the "updated by" equals "created by" in my testing. This solves half of my problem and hopefully helps others. I will keep trying and will add additional info if I can get the remainder working.

snow2p_0-1736468899473.png