Best way to restrict most HR Services to a set of groups. They should only access 4 HR services.

geannaweed · ‎11-09-2022

I have a requirement to restrict around 15 groups from accessing several other HR services but 4. They have the case writer role. What's the best way to do this. I don't see effectiveness on COE security policy as I have to identify all groups to attach to each COE so just this is implemented. Hope you can help me thanks.

Musab Rasheed · ‎11-09-2022

Hello,

Check my answer here

https://www.servicenow.com/community/hrsd-forum/how-to-hide-hr-services-from-agents-while-case-creat...

Please hit like and mark my response as correct if that helps
Regards,
Musab

geannaweed · ‎11-11-2022

I have tried this and it is unable to open records saying 'record not found' but how come the cases are still visible from the hr case list. how do I hide it from the list as well without doing any list filters.

Musab Rasheed · ‎11-11-2022

You can create Query before BR on HR case table then like below

Condition :

gs.getSession().isInteractive()

Code:

(function executeRule(current, previous /*null when async*/) {	

if((gs.getUser().isMemberOf('8e8c05c9db4da4d0787fe4e1ca9619d9')) ||(!gs.getUser().isMemberOf('901c4d0edb05acd0787fe4e1ca96191f')) ||(!gs.getUser().isMemberOf('6b40c1afdb522b002b54f77c2996198d')) || (!gs.getUser().isMemberOf('7c15094adb16a700515f84eb0b961981'))){  

current.addEncodedQuery('active=true^hr_service!=8c1db1099f231200d9011977677fcf59^hr_service!=8d3103151bfc5d5017ad99f32a4bcb00');

}
})(current, previous);

Please hit like and mark my response as correct if that helps
Regards,
Musab

Community Alums · ‎11-09-2022

Hi @geannaweed ,

As per the best practice, you should Restrict at the COE level using COE security policy itself.

For your requirement, this is the best solution which you can implement :

https://www.servicenow.com/community/hrsd-forum/how-to-restrict-hr-case-to-particular-tier1-groups/m...