Restrict users from resolving P1/P2 incidents; only Group-A should have access to resolve them
03-13-2024 03:23 AM
Hi All,
I'm trying to restrict users from resolving P1/P2 incidents, so that only Group-A has access to resolve a P1/P2 incident. How can we achieve
03-13-2024 04:54 AM
My friend,
We need to update this condition and add Priority as well. So update it and then test.
If my response proves useful, please indicate its helpfulness by selecting "Accept as Solution" and "Helpful." This action benefits both the community and me.
Regards
Dr. Atul G. - Learn N Grow Together
ServiceNow Techno - Functional Trainer
LinkedIn: https://www.linkedin.com/in/dratulgrover
YouTube: https://www.youtube.com/@LearnNGrowTogetherwithAtulG
Topmate: https://topmate.io/atul_grover_lng [Connect for 1-1 Session]
03-18-2024 03:25 AM
Hi @bankuru bhargav
### Step 1: Define a User Group for Group-A
First, ensure that "Group-A" is clearly defined in your ServiceNow instance with the appropriate users added to it.
1. Navigate to User Administration > Groups.
2. Check if "Group-A" exists. If not, click "New" to create it and add users accordingly.
### Step 2: Create an Access Control Rule (ACL)
Create an ACL to enforce the restriction on changing the incident state to resolved for P1/P2 incidents except for users in "Group-A".
1. Navigate to System Security > Access Control (ACL).
2. Click "New" to create a new ACL.
3. For the Type, select "Record".
4. For the Operation, choose "Write".
5. For the Name or Table, select "Incident [incident]".
6. Conditions: Specify conditions to match P1 and P2 incidents. This could look like: [Priority] [is] [1 - Critical] or [Priority] [is] [2 - High]. You may need to create two separate ACLs for P1 and P2 if you cannot adequately define this in a single condition.
7. Script: Use a script to check if the user is part of "Group-A". Below is a sample script you might use. Adjust "group_a_sys_id" to the actual sys_id of Group-A.
```javascript
(function executeRule(current, previous /*null when async*/) {
    // Replace 'group_a_sys_id' with the actual sys_id of Group-A
    var groupASysId = 'group_a_sys_id'; // Example sys_id

    // Look for a membership row linking the current user to Group-A
    var userGrpMember = new GlideRecord('sys_user_grmember');
    userGrpMember.addQuery('group', groupASysId);
    userGrpMember.addQuery('user', gs.getUserID());
    userGrpMember.query();
    if (userGrpMember.next()) {
        // User is in Group-A, allow write
        return true;
    }
    // If the code reaches here, the user is not in Group-A, prevent write unless read-only fields
    return false;
})();
```
Save and test.
Note: Please mark this as Helpful and as the Accepted Solution if this helps you to understand. This will help us a lot.
Thanks & Regards
Deepak Sharma
03-18-2024 03:49 AM
How are your P1/P2 incidents resolved? If it is through the 'resolve' button, you can easily change the conditions on the button (UI action) as has already been answered.
If it is through changing the state of the form itself, you will need to create some logic that limits that. Question is: what's your process? It would be easy to just put 'write' roles on the state field on P1/P2 incidents for only this group or groups, but if others are supposed to work on it, just not resolve, other logic may need to apply. Question is: what is that logic.
Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark
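
Added example, not part of any post in this thread: a plain-JavaScript model that contrasts a record-level write rule on P1/P2 incidents with a check that gates only the move into Resolved, the distinction the last reply raises. The priority values '1'/'2', the Resolved state value '6', the function names and the sample updates are assumptions constructed for illustration; it goes slightly beyond the thread by also covering an update that changes priority and state in one save.

```javascript
// Added example: models the decision only, so it runs outside ServiceNow.
// Assumptions: priority '1'/'2' = P1/P2 and state '6' = Resolved (confirm the
// choice values on your instance); 'Group-A' is the group named in the thread.
const RESOLVED = '6';
const RESTRICTED = new Set(['1', '2']);
const RESOLVER_GROUP = 'Group-A';

// Option 1: record-level write rule on P1/P2 incidents.
// Any write to a P1/P2 incident requires Group-A membership.
function recordWriteAllowed(previous, current, groups) {
  if (!RESTRICTED.has(String(previous.priority))) return true;
  return groups.includes(RESOLVER_GROUP);
}

// Option 2: gate only the transition into Resolved.
function resolveAllowed(previous, current, groups) {
  const entersResolved =
    String(current.state) === RESOLVED && String(previous.state) !== RESOLVED;
  if (!entersResolved) return true; // ordinary work on the ticket is untouched
  // Look at the priority before and after the save, so an update that changes
  // priority and state together is still judged as a P1/P2 resolution.
  const restricted = RESTRICTED.has(String(previous.priority)) ||
    RESTRICTED.has(String(current.priority));
  return !restricted || groups.includes(RESOLVER_GROUP);
}

// Constructed sample updates (not taken from the thread).
const SAMPLES = [
  { name: 'non-member edits P1', prev: { priority: '1', state: '2' },
    cur: { priority: '1', state: '2' }, groups: ['Service Desk'] },
  { name: 'non-member resolves P1', prev: { priority: '1', state: '2' },
    cur: { priority: '1', state: '6' }, groups: ['Service Desk'] },
  { name: 'Group-A resolves P2', prev: { priority: '2', state: '2' },
    cur: { priority: '2', state: '6' }, groups: ['Group-A'] },
  { name: 'non-member resolves P3', prev: { priority: '3', state: '2' },
    cur: { priority: '3', state: '6' }, groups: ['Service Desk'] },
  { name: 'non-member lowers P1 and resolves', prev: { priority: '1', state: '2' },
    cur: { priority: '3', state: '6' }, groups: ['Service Desk'] },
];

// Returns one verdict row per sample for both options.
function evaluate(samples) {
  return samples.map((s) => ({
    name: s.name,
    recordWrite: recordWriteAllowed(s.prev, s.cur, s.groups),
    resolveOnly: resolveAllowed(s.prev, s.cur, s.groups),
  }));
}

console.table(evaluate(SAMPLES));
```

The first row is the case the last reply asks about: the record-level rule also stops non-members from working on a P1/P2 ticket at all, while the transition check blocks only the resolve.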