how to hide all hr cases from impersonators

randrews · ‎05-25-2017

OK so was working on an HR roll out today and it occured to me, I don't want to disable impersonating hr people <they may have an issue in Service Now that i need to impersonate to test> but i don't want anyone impersonating an hr person to be able to see any hr cases <that would be VERY bad...

so since i had a before BR that ran on query and locked down who can see which cases, I thought to myself why not use THAT br to restrict the view of cases... this little function in an on query BR on the table will keep anyone that is impersonating from seeing any cases.

Please let me know if you see any flaw in my logic. Active is the task active field so as a boolean has to be either true or false.

	if(GlideImpersonate().isImpersonating()){
	//if someone is impersonating hide all records
	gs.addErrorMessage("You are impersonating an HR user and are unable to view HR Cases");

	current.addQuery('active',false);
	current.addQuery('active',true);

}

LaurentChicoine · ‎05-25-2017

I would probably go with current.addNullQuery('sys_id') but your's should work.

Also I think you need to apply that BR to the Task table also, otherwise if you go in the task list the tasks would still show up. I thought of adding that query but somehow it is not working on that HR table, it is however working on other base table like incident:

current.addQuery('sys_class_name', '!=', 'sn_hr_core_case')

You could have something less pretty like current.addQuery('number', 'DOES NOT CONTAIN', 'hrc')

IN the end query business rules can sometime have weird behaviors especially on extended tables. Since it is for impersonnation, I would probably add the script condition !GlideImpersonate().isImpersonating() to all read ACLs on the table.

randrews · ‎05-25-2017

good thought created a new on query br on task that is intesting note that without this while you CAN see the cases in list view you can't open the form.. when you try you get record not found... gotta love on query br's

(function executeRule(current, previous /*null when async*/) {

// Hide hr cases and tasks from query on the task table.

var qstring = 'sys_class_name!=hr_case^sys_class_name!=hr_task';

current.addEncodedQuery(qstring);

})(current, previous);

randrews · ‎05-31-2017

Sorry for the delay getting this finished took me a bit to find the Exact fix i wanted... on the table you want to hide from task... create the br i put in above.. now when iimpersonating they can't see the records from that table.

	if(GlideImpersonate().isImpersonating()){
	//if someone is impersonating hide all records
	gs.addErrorMessage("You are impersonating an HR user and are unable to view HR Cases");

	current.addQuery('active',false);
	current.addQuery('active',true);

}

now the issue is they CAN see but not open the records from a list view.. in my case this was easy i don't want ANYONE seeing HR cases on task table

so all we need to do is ensure no one can see them... with a query rule on the task table....

(function executeRule(current, previous /*null when async*/) {

var viewName = current.getTableName();

//gs.addInfoMessage('in the task view br: the current table is ' + current.getTableName() + ' test for hr case is ' + (viewName != 'hr_case') + ' test for hr task is ' + (viewName != 'hr_task'));

// Hide hr cases and tasks from query on the task table.

if (viewName != 'hr_case' && viewName != 'hr_task'){

var qstring = 'sys_class_name!=hr_case^sys_class_name!=hr_task';

current.addEncodedQuery(qstring);

}

})(current, previous);

NewUser5 · ‎06-01-2018

hey ,

i didnt want to hide from list view , hide only from impersonator list ..how to achieve that ?