
10-30-2018 01:32 PM
We have a requirement to give a certain group of ITIL users write access to only work notes. I was thinking of giving them an extra role that would prevent them from writing to all fields except work notes. This seems like a lot of ACLs to write. Is there a better way to do this? Am I overthinking how I would write my ACLs?
11-01-2018 05:47 AM
I found something on the ServiceNow Guru site that let me get all fields that have changed in an array. It then allowed me to loop through them so I could determine if anything other than work notes was updated.
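```javascript
(function executeRule(current, previous /*null when async*/) {
    // Restrict only users holding the pmo_itil role
    if (gs.hasRole('pmo_itil')) {
        var gru = GlideScriptRecordUtil.get(current);
        // The changed-field list is handled in its string form, so the value
        // '[work_notes]' (brackets included) appears only when work_notes is
        // the sole changed field; any other change set fails the check below.
        var changedFields = gru.getChangedFieldNames().toString().split(',');
        //gs.log ("Changed Fields: " + changedFields);
        for (var i = 0; i < changedFields.length; i++) {
            gs.log("Changed Field: " + changedFields[i]);
            if (changedFields[i] != '[work_notes]') {
                // Reject the update and stop processing
                gs.addErrorMessage('You do not have rights to change any fields but Work Notes');
                current.setAbortAction(true);
                return;
            }
        }
    }
})(current, previous);
```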
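The same check as a pure function, written as an added example that is not part of the original post: it parses the changed-field list into names and applies a deny-by-default allowlist, so a change set such as work notes plus another field is rejected and the offending fields can be named. It assumes the list stringifies as `[field_a, field_b]`; `ALLOWED_FIELDS`, `parseChangedFields`, `disallowedChanges` and `evaluateUpdate` are hypothetical names, and the sample change sets are constructed.

```javascript
// Added illustration: plain JavaScript, runnable in Node.js without a ServiceNow instance.
// ALLOWED_FIELDS and the function names are hypothetical, not platform APIs.
const ALLOWED_FIELDS = new Set(['work_notes']);

// Parse the string form of the changed-field list, e.g. "[work_notes, state]"
// (assumed format), into clean field names. "[]" or "" yields an empty array.
function parseChangedFields(listString) {
  return String(listString)
    .replace(/^\s*\[/, '')
    .replace(/\]\s*$/, '')
    .split(',')
    .map((name) => name.trim())
    .filter((name) => name.length > 0);
}

// Return every changed field that is not on the allowlist (deny by default).
function disallowedChanges(listString, allowed = ALLOWED_FIELDS) {
  return parseChangedFields(listString).filter((name) => !allowed.has(name));
}

// Decision for one update: abort when a restricted user changed anything
// outside the allowlist; unrestricted users are never blocked by this check.
function evaluateUpdate(isRestrictedUser, listString) {
  const violations = isRestrictedUser ? disallowedChanges(listString) : [];
  return { abort: violations.length > 0, violations };
}

// Constructed sample change sets (not captured from a real instance).
const samples = ['[work_notes]', '[work_notes, state]', '[short_description]', '[]'];
for (const s of samples) {
  console.log(s, JSON.stringify(evaluateUpdate(true, s)));
}
```

Keeping the decision in a function that takes plain strings lets the allowlist logic be unit tested outside the platform before it is wired into a business rule.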

10-30-2018 01:49 PM
I think a new role will do. All you need to create is a read ACL on that table and then a write ACL only for work notes. But I am not sure if that's allowed and doesn't violate the licensing policy.
Please mark this response as correct or helpful if it assisted you with your question.

10-30-2018 03:06 PM
That is the thing. I cannot get another ACL to work by itself. The user would need to have both ITIL and the new role.

10-30-2018 03:28 PM
How about other tables? Should they have access to change request, problem, etc.?
Please mark this response as correct or helpful if it assisted you with your question.

10-31-2018 04:59 AM
We are only using incident, request, and problem. The requirements are only on incident and request as they are customer facing.