
Making EVENT Tasks in BCM visible only to assignment group members and admins.

Adrian Weber1
Tera Contributor

Good day! 

My end-user is asking to limit the visibility of EVENT TASK within the BCM workspace to only members of the assignment group and people with bcm_admin or admin roles.  

We accomplished this with a business rule, but it had unanticipated results.  In setting this up, we found that it breaks the DEPENDENCY functionality.  Event tasks that have met all of their dependencies are not going from Pending to Ready status automatically. 

It seems as if the system is using the ID of the person who closes the first task to adjust the state of the second task, and if they can't see it... the state doesn't get updated.  

 

With our current configuration, if there are 2 tasks in a row that are assigned to the same team, the dependency functionality works fine.  Additionally, it works fine if the task is updated by an admin or bcm_admin, for obvious reasons.  

 

We have 2 business rules in place, but only one is active.  

This is the script from our current, active, business rule: 

 

(function executeRule(current, previous /*null when async*/ ) {
    // Allow the update only for BCM admins or members of the task's assignment group.
    if (!gs.hasRole("sn_bcm.admin") && !gs.getUser().isMemberOf(current.assignment_group.getDisplayValue())) {
        gs.addErrorMessage("You must be a member of the assignment group or an admin to update these records.");

        // Abort the database operation for everyone else.
        current.setAbortAction(true);
    }
})(current, previous);
 
As you can see, it's just about limiting "who can update" the event task and throwing an error message if they don't have the rights to do so.  In most scenarios, the assignee can successfully close their event task, but the error message gets thrown for the NEXT event task (since they aren't members of the next assignment group) and the task state doesn't get updated. 
 
The other business rule we had in place, but have disabled, is as follows: 
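(function executeRule(current, previous /*null when async*/ ) {
    // Restrict the query unless the user is a BCM admin or in the view-only group.
    if (!gs.hasRole("sn_bcm.admin") && !gs.getUser().isMemberOf('SN-BCM Admin View Only')) {
        // Return only tasks whose assignment group matches the dynamic filter,
        // or tasks that list the current user as an additional assignee.
        current.addQuery("assignment_group", "DYNAMIC", "d6435e965f510100a9ad2572f2b47744").addOrCondition("additional_assignee_list", "CONTAINS", gs.getUserID());
    }
})(current, previous);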
 
This (obviously) doesn't throw the error message, but when it's enabled, we see the same lack of behavior when updating the STATE of the next event task.  
 
My question is:  Is there a way to still provide the visibility restrictions but have the dependencies work correctly?  I've thought about using ACLs instead, but my team and I think the end results will be the same. 
 
Thank you for any help you can provide! 
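
The failure described in this post, reduced to a small model (an added example, not the poster's code and not ServiceNow platform code or APIs). The names TASKS, alice, rowLevelStore, directStore and closeTask are hypothetical, and the model assumes, as the post suspects, that the dependency update runs in the session of the user who closed the first task. It contrasts a filter applied to every read and write in that session with a check applied only to the user's own requests.

```javascript
// Constructed model in plain JavaScript, not ServiceNow code or APIs.
const TASKS = [
  { id: 'T1', group: 'Facilities', state: 'Ready', dependsOn: [] },
  { id: 'T2', group: 'Network', state: 'Pending', dependsOn: ['T1'] },
];
const alice = { groups: ['Facilities'], roles: [] }; // hypothetical user

const canAccess = (u, t) =>
  u.roles.includes('sn_bcm.admin') || u.roles.includes('admin') || u.groups.includes(t.group);

// Row-level mode: every read and write in the user's session is filtered,
// including those issued by server-side logic running on the user's behalf.
const rowLevelStore = (table, u) => ({
  find: (id) => table.find((t) => t.id === id && canAccess(u, t)) || null,
  update: (t, state) => canAccess(u, t) && ((t.state = state), true),
});

// Access-layer mode: server-side logic reads and writes directly; only the
// user's own requests are checked (see userRequest below).
const directStore = (table) => ({
  find: (id) => table.find((t) => t.id === id) || null,
  update: (t, state) => ((t.state = state), true),
});
const userRequest = (table, u, id) => table.find((t) => t.id === id && canAccess(u, t)) || null;

// Dependency step: after a close, promote dependents whose prerequisites are all closed.
function closeTask(table, store, id) {
  const task = store.find(id);
  if (!task || !store.update(task, 'Closed')) return [];
  const promoted = [];
  for (const { id: depId } of table.filter((t) => t.dependsOn.includes(id))) {
    const dep = store.find(depId); // null when the session cannot see the task
    if (!dep) continue;
    const ready = dep.dependsOn.every((p) => table.find((t) => t.id === p).state === 'Closed');
    if (ready && store.update(dep, 'Ready')) promoted.push(dep.id);
  }
  return promoted;
}

function run(mode) {
  const table = TASKS.map((t) => ({ ...t }));
  if (!userRequest(table, alice, 'T1')) return null; // alice may open T1
  const store = mode === 'row' ? rowLevelStore(table, alice) : directStore(table);
  closeTask(table, store, 'T1');
  return { t2State: table[1].state, aliceSeesT2: userRequest(table, alice, 'T2') !== null };
}

console.log(run('row'), run('access'));
```

In the model, the row-level filter leaves T2 in Pending after alice closes T1, while the request-only check moves T2 to Ready and alice still cannot open it.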