ui policy

Segenenipri · 3 weeks ago

There is a scenario where in the incident table if the user does not belongs to service desk group then the assignment group field should be read only for that users. I tried using client script but not able to see the output and also i tried using ui policy . Can anyone explain how to acheive this ?

lpruit2 · 3 weeks ago

Greetings @Segenenipri. If you wish to achieve this via some sort of client-side logic such as a Client Script or a UI Policy, I recommend utilizing a GlideAjax approach. You would be passing the current User value from your UI Policy or Client Script to a Script Include in order to perform the .isMemberOf method which is part of the GlideUser class. I will include a link to some documentation regarding GlideUser and the famous GlideAjax cheat sheet below.

isMemberOf Method

GlideAjax Cheat Sheet

However, this will require several lines of code between the client-side record, the server-side Script Include, a new function within the Script include, both the client and server side code will need to be checked for errors, the new Script Include will need sufficient permissions created, those permissions will need to be applied to the correct audience in order to take advantage of this logic.

Instead, I would recommend creating a new "write" ACL on the Assignment Group field for this table. In this new "write" ACL on the Assignment Group field, you can utilize the Advanced Condition field. I've included some JavaScript to get you started below in addition to some helpful information about ServiceNow Access Controls (ACL).

gs.getUser().isMemberOf("Service Desk Group");

Access Controls - The Easy Way - ServiceNow Community

View solution in original post

lpruit2 · 3 weeks ago

Greetings @Segenenipri. If you wish to achieve this via some sort of client-side logic such as a Client Script or a UI Policy, I recommend utilizing a GlideAjax approach. You would be passing the current User value from your UI Policy or Client Script to a Script Include in order to perform the .isMemberOf method which is part of the GlideUser class. I will include a link to some documentation regarding GlideUser and the famous GlideAjax cheat sheet below.

isMemberOf Method

GlideAjax Cheat Sheet

However, this will require several lines of code between the client-side record, the server-side Script Include, a new function within the Script include, both the client and server side code will need to be checked for errors, the new Script Include will need sufficient permissions created, those permissions will need to be applied to the correct audience in order to take advantage of this logic.

Instead, I would recommend creating a new "write" ACL on the Assignment Group field for this table. In this new "write" ACL on the Assignment Group field, you can utilize the Advanced Condition field. I've included some JavaScript to get you started below in addition to some helpful information about ServiceNow Access Controls (ACL).

gs.getUser().isMemberOf("Service Desk Group");

Access Controls - The Easy Way - ServiceNow Community

Deepak Shaerma · 3 weeks ago

Hi @Segenenipri

use a Display Business Rule to "pre-calculate" the membership on the server and then check it in your Client Script.

Create a Display Business Rule

Table: Incident
When: Display

(function executeRule(current, previous /*null when async*/) {
    g_scratchpad.isServiceDesk = gs.getUser().isMemberOf('Service Desk'); //use sys_id of group if not working by name
})(current, previous);

Client Script:

function onLoad() {
    if (!g_scratchpad.isServiceDesk) {
        g_form.setReadOnly('assignment_group', true);
    }
}

Happy to help! If this resolved your issue, kindly mark it as the correct answer ✅ and Helpful 👍 and close the thread 🔒 so others can benefit too.
Warm Regards,
Deepak Sharma
Community Rising Star 2025

Segenenipri · 3 weeks ago

Hi Deepak, I have followed the way you have explained. But when I am impersonating with the user who is not member of that service desk group, still I am able to edit that assignment group.

Segenenipri · 3 weeks ago

Hi @Deepak Shaerma , I followed the way you have explained, but when i am impersonating with the user who is not member of that service desk group, still I am able to edit that assignment group.