Write a query BR to hide the RITMS for other than HR groups

mania
Tera Contributor

Hi,

 

I want HR group members/the HR group to have access to requests coming from the HR catalog. Others who are not part of HR should not have access to requests coming from HR.

I have written Before Query BR for this but it is not working as expected.

Can anyone help me with the query BR and code?

 

Code :

// Before Query Business Rule on 'sc_req_item' table
// This script assumes 'cat_item' is a reference field to the catalog item and 'requested_for' is a reference field to the user

(function executeBeforeQuery(current, previous /*null when async*/) {

    // Add a condition to the query to show only records for "HR" catalog items
    current.addQuery('cat_item.name', 'HR');

    // Add a condition to the query to check if the logged-in user has a group type containing the name "HR"
    var userGroupType = gs.getUser().getRefRecord().getValue('group_type');
    if (!userGroupType || userGroupType.indexOf('HR') === -1) {

        // If the user does not have the necessary group type, add a condition to the query to hide records
        current.addQuery('sys_id', 'NOT IN', 'sys_id'); // This condition ensures that no records are returned

        // Display an error message
        gs.addErrorMessage('You do not have the necessary group type to view records for HR catalog items.');
    }

})(current, previous);

 

Thanks in Advance!


Maddysunil
Kilo Sage

@mania 

Please try with updated code below:

 

(function executeBeforeQuery(current, previous /*null when async*/) {
    // Members of the HR group keep the unfiltered query
    var user = gs.getUser();
    var isHRMember = user.isMemberOf('HR'); // Assuming 'HR' is the group name
    if (isHRMember) {
        return;
    }

    // Collect the sys_ids of the "HR" catalog items
    var catItemGr = new GlideRecord('sc_cat_item');
    catItemGr.addQuery('name', 'HR');
    catItemGr.query();
    var hrCatalogItems = [];
    while (catItemGr.next()) {
        hrCatalogItems.push(catItemGr.sys_id.toString());
    }

    // If the user is not a member of the HR group, exclude requested items that
    // reference an HR catalog item ('cat_item' is the reference field on sc_req_item)
    if (hrCatalogItems.length > 0) {
        current.addQuery('cat_item', 'NOT IN', hrCatalogItems.join(','));
    }
})(current, previous);

 

Please Mark Correct if this solves your query and also mark 👍Helpful if you find my response worthy based on the impact.

 

Thanks

James Chun
Kilo Patron

Hi @mania,

 

I wouldn't recommend using a query BR as it can result in odd behaviours across many places in the platform.

Instead, I would recommend one of the following:

 

  • Leverage HRSD module, it provides the capability to restrict access with OOTB capability
  • Use the 'Read roles', and 'Write roles' of a variable
  • Use Data Filtration
  • ACL

Thanks

 

Aniket Chavan
Tera Sage

Hello @mania ,

Please give a try to the code below and see how it works for you.

(function executeBeforeQuery(current, previous /*null when async*/) {

    // Check if the current user has the HR role
    var isHRUser = gs.hasRole('HR'); // Assuming 'HR' is the role name

    // In a before-query rule 'current' is the query being built, not a record,
    // so the HR catalog check is added as a query condition instead of being
    // read from current.cat_item.
    // If the user is not an HR user, exclude requests for the HR catalog item
    if (!isHRUser) {
        current.addQuery('cat_item.name', '!=', 'HR');
    }

})(current, previous);

 

Please Mark Correct if this solves your query and also mark 👍Helpful if you find my response worthy based on the impact.

 

Thanks,

Aniket

Tai Vu
Kilo Patron

Hi @mania 

Can you share the information for below concern?

  1. How can we identify the HR Groups in your instance? Ex: Group Type contains HR, Group Name contains HR?
  2. What is definition for HR Catalog Items in your instance? Ex: Name contains HR?

 

Cheers,

Tai Vu
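
An added example, not code from any reply in this thread: the per-record check for the ACL route James Chun suggests, with the naming criteria Tai Vu asks about taken as assumptions (HR groups and HR catalog items both carry the whole word 'HR' in their name). The function names, the `HR_WORD` pattern and passing `gs` and the `GlideRecord` constructor as parameters are choices made for this example.

```javascript
// Added example (not from the thread): logic for a record ACL, operation read,
// on sc_req_item. Assumptions: an "HR group" is an active group with the whole
// word 'HR' in its name, and an "HR catalog item" has 'HR' in its name.
// gs and the GlideRecord constructor are parameters so the check can be
// exercised outside an instance; in the ACL script field pass the globals.

var HR_WORD = /\bHR\b/; // case-sensitive whole word: 'HR Operations', not 'Chromebook'

// True when the user is in at least one active group named as an HR group.
function isHrGroupMember(userId, GlideRecordClass) {
    var member = new GlideRecordClass('sys_user_grmember');
    member.addQuery('user', userId);
    member.addQuery('group.active', true);
    // Database prefilter only; it may match case-insensitively,
    // so every candidate name is re-checked in script below.
    member.addQuery('group.name', 'CONTAINS', 'HR');
    member.query();
    while (member.next()) {
        if (HR_WORD.test(String(member.group.name))) {
            return true;
        }
    }
    return false;
}

// Per-record decision: non-HR items pass this check, HR items pass only
// for members of an HR group.
function canReadRitm(current, gs, GlideRecordClass) {
    var itemName = String(current.cat_item.name);
    if (!HR_WORD.test(itemName)) {
        return true;
    }
    return isHrGroupMember(gs.getUserID(), GlideRecordClass);
}

// ACL script field usage (platform globals assumed):
// answer = canReadRitm(current, gs, GlideRecord);
```

A user needs to pass only one of the read ACLs that match sc_req_item at the same level, so this check restricts access only if no other matching read ACL already grants the record.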