Work notes only for ITIL users

Brian Lancaster
Tera Sage

We have a requirement to make a certain group of ITIL users to have write access to only work notes.  I was thinking of giving them an extra role that would prevent them to write to all fields except work notes.  This seems like a lot of ACLs to write.  Is there a better way to do this?  Am I overthinking how I would write my ACLs?

1 ACCEPTED SOLUTION

I found something on the ServiceNow Guru site that let me get all fields that have change in an array.  It then allowed me to loop through them so I could determine if anything other then work notes was updated.

(function executeRule(current, previous /*null when async*/) {

	// Add your code here
	if (gs.hasRole('pmo_itil')){
		var gru = GlideScriptRecordUtil.get(current);
		var changedFields = gru.getChangedFieldNames().toString().split(',');
		//gs.log ("Changed Fields: " + changedFields);
		for (var i = 0; i < changedFields.length; i++){
			gs.log ("Changed Field: " + changedFields[i]);
			if (changedFields[i] != '[work_notes]'){
				gs.addErrorMessage('You do not have writes to change any fields but Work Notes');
				current.setAbortAction(true);
				return;
			}
		}
	}

})(current, previous);

 

View solution in original post

11 REPLIES 11

SanjivMeher
Kilo Patron
Kilo Patron

I think a new role will do. All you need to create is a read ACL on that table and then write ACL only for worknotes. But I am not sure, if we can do that's allowed and doesn't violate the licensing policy


Please mark this response as correct or helpful if it assisted you with your question.

That is the thing.  I cannot get another ACL to work by itself.  The user would need to have both ITIL and the new role.

How about other tables? Should they have access to change request, problem etc.


Please mark this response as correct or helpful if it assisted you with your question.

We are only using incident, request, and problem.  The requirements are only on incident and request as they are customer facing.