Inbound emails from someone NOT apart of the HR Case

Go to solution
Rob Sestito
Mega Sage

‎04-10-2019 07:59 AM

Hey there SN Comm!!

I am looking to see what (if at all), others might be doing when it comes to allowing people that do not have access to view a Case/are not part of a Case - to be able to email into a Case.

Example:

recently we had a Case that was for one person, and they were the Requestor and Subject Person and Opened By (because they emailed into the system). The assigned to person of this Case, needed to reach out to the Requestor's manager. They did so, via emailing them from the Case itself. The manager then replied to that email from the Case. However, since they are not apart of the Case, and not in any assignment group from the system, their reply never reached the actual Case. It was ignored.

I reached out to SN with a HI Case because I was confused at first. I thought that if someone gets emailed from the actual Case, they would be able to reply and their reply would be posted to the Case. SN however, said that since the person being emailed does not have access to the Case (or apart of the Case in any way), that they cannot post anything to the Case - which includes their emails.

I then as a test, added that manager to the watch list, reprocessed their email, and it was posted to the Case.

We do not want to make this a thing, where we keep adding people to watch list, just to allow them to reply back to a Case when they are not actually involved in the Case.

First, does anyone out there know of this issue/scenario? Second, if you know about this, has anyone built anything as a work around? Is there something that can be done for this?

My initial thought was to create an addition field that is like the watch list field, but tie NO Out going emails like the watch list does. The watch list currently sends out emails for work noted AND additional comments, which we do not want. Especially when it is with someone not technically involved in the Case. But just reached out for additional information.

Thanks in advance!

-Rob

0 Helpfuls
  • 4,491 Views
1 ACCEPTED SOLUTION

Go to solution
Rob Sestito
Mega Sage
In response to jrusso

‎04-16-2019 04:53 PM

Hey John,

So yeah - seems like I needed to add the correct .addOrCondition line within the Restrict Query Business Rule. I tested with a few different tables that I am using this new field on within our HR Cases (COEs). Sure enough, each time I added the dummy account to the new field and sent my email in, the email posted. Once I removed the dummy account from the field, sent in another email, the email was blocked from being posted to the Case. It is a bit strange that the Business Rule would control all of that access, but I guess it does make sense when we really think about it. I was sure that I needed a new ACL, or at least had to modify an OOTB one (as provided by asifnoor). Then we went through also modifying the Include Script. But, turns out it was not needed. But I am glad we went through it, as I definitely learned a lot!

So, here is what was needed for the access:

Modify the OOTB Business Rule 'Restrict Query', with the new field I created (which is a List Field with a reference qualifier)

find_real_file.png

Here is my new field as a reference:

find_real_file.png

I hope this helps you, and anyone else - as this entire post has helped me!

Cheers!!

-Rob

View solution in original post

Preview file
49 KB
Preview file
34 KB
47 REPLIES 47

Go to solution
Kiel Sanders
ServiceNow Employee
ServiceNow Employee

‎04-12-2019 06:53 AM

The behavior you are seeing is related to the "Restrict query" business rule on the HR Case table.  As you mentioned, this is in place to lock down security to only the following situations:

  1. Opened By
  2. Opened For
  3. Opened For of the parent case
  4. Watch list
  5. Approvers
  6. Cases associated to my Tasks
  7. Subject Person (only for HR Services allowing Subject Person to view the case)

This security restriction is in additional to the ACLs that have been defined on the table so you may need to review those as well.  You could disable this business rule but it would not be recommended.  Another option is to modify the business rule to add another query for your new field; however keep in mind that you will want to closely monitor this during upgrades in case the Restrict query business rule changes.

Go to solution
Rob Sestito
Mega Sage
In response to Kiel Sanders

‎04-12-2019 07:22 AM

Hey Kiel!

Thanks for replying!

I think I am actually going to take another route to this. I do not want to mess with this kind of security, because overall I do like how it is set up and I agree with it.

When someone from our Employee Resource Center, needs to reach out to someone that is not involved in the Case, happens very seldom. Therefore, I am just thinking of creating a new field, much like the Watch List field, to allow for additional communication from an outsider. So ONLY someone within this new list field, can send emails to the Case and let them be posted to the Case.

I am currently in the process of exploring this option now, with how it will work and its own security.

Thanks,

-Rob

0 Helpfuls

Go to solution
Kiel Sanders
ServiceNow Employee
ServiceNow Employee
In response to Rob Sestito

‎04-12-2019 07:33 AM

I think you'll still need to modify the business rule I mentioned with that solution because the business rule acts as another level of security on top of ACLs.  If you create a new field containing users that should be able to reply to case, you'll need to account for that new field in the business rule or else their update to the case will likely be denied.

0 Helpfuls

Go to solution
Rob Sestito
Mega Sage
In response to Kiel Sanders

‎04-12-2019 08:01 AM

Sounds good!

Thank you, Kiel - I will definitely keep that in mind when constructing and testing.

-Rob

0 Helpfuls