
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-30-2018 01:32 PM
We have a requirement to make a certain group of ITIL users to have write access to only work notes. I was thinking of giving them an extra role that would prevent them to write to all fields except work notes. This seems like a lot of ACLs to write. Is there a better way to do this? Am I overthinking how I would write my ACLs?
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-01-2018 05:47 AM
I found something on the ServiceNow Guru site that let me get all fields that have change in an array. It then allowed me to loop through them so I could determine if anything other then work notes was updated.
(function executeRule(current, previous /*null when async*/) {
// Add your code here
if (gs.hasRole('pmo_itil')){
var gru = GlideScriptRecordUtil.get(current);
var changedFields = gru.getChangedFieldNames().toString().split(',');
//gs.log ("Changed Fields: " + changedFields);
for (var i = 0; i < changedFields.length; i++){
gs.log ("Changed Field: " + changedFields[i]);
if (changedFields[i] != '[work_notes]'){
gs.addErrorMessage('You do not have writes to change any fields but Work Notes');
current.setAbortAction(true);
return;
}
}
}
})(current, previous);

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-31-2018 12:02 PM
I think you should remove itil roles from those users, if they don't need access to other modules and just need to update work notes.. And provide them an interface to update worknotes. may be a different table though which they can enter their notes. They should be added to the watchlist to be able to read the incident record if required. Let me know if you think otherwise
Please mark this response as correct or helpful if it assisted you with your question.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-31-2018 12:10 PM
Eventually we will be enabling the other modules and they will need access.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-31-2018 12:12 PM
Also I need them to be able to view all info in the tickets including the activity we just only want to allow them to update work notes on incidents and requests.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-31-2018 01:49 PM
Ok. In that case we can add a client script to make every field readonly except the worknotes
Please mark this response as correct or helpful if it assisted you with your question.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-01-2018 05:00 AM
A client script would not work as that would not run on list layout.