Access control help

Andrew_TND · ‎12-30-2024

I've created a "READ" access control which has worked...ish. For some reason its now showing a blank placeholder where the record should be, any ideas how I can just remove this completely?

I did try and configure it instead however the dynamic "is one of my groups" didnt seem to work so had to go down the scripting route.

Script condition

answer = true;

if (current.u_nda) {
	var group = current.u_authorized_group;

	if (!gs.getUser().isMemberOf(group)) {
		answer = false;
	}
}

Andrew_TND · ‎01-02-2025

Hey all, I managed to get it working using "addEncodedQuery()" which is actually really simple.

//When to run: Before
//Order: 1000
// Query: True

(function executeRule(current, previous) {
    var query = '';
    query = "u_authorized_groupDYNAMICd6435e965f510100a9ad2572f2b47744^ORu_authorized_groupISEMPTY";
    current.addEncodedQuery(query);
})(current, previous);

Thank you everyone for your help!

View solution in original post

Andrew_TND · ‎12-30-2024

Hi, I tried None but didnt work. And I also tried the script you provided however it just hid all the records not just the ones which I'm trying to filter out.

Ankur Bawiskar · ‎12-30-2024

@Andrew_TND

try this

(function executeRule(current, previous /*null when async*/ ) {

    // Add your code here
    var groups = new global.ArrayUtil().convertArray(gs.getUser().getMyGroups());
    current.addEncodedQuery('u_nda=true^u_authorized_groupNOT IN' + groups).addOrCondition('u_nda', false);

})(current, previous);

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader

Runjay Patel · ‎12-30-2024

Hi @Andrew_TND ,

Why are you giving table.*? are you trying to hide all fields on project table if conditions matches? if not and trying to provide read access at record level then you should use table.none.

-------------------------------------------------------------------------

If you found my response helpful, please consider selecting "Accept as Solution" and marking it as "Helpful." This not only supports me but also benefits the community.

Regards
Runjay Patel - ServiceNow Solution Architect
YouTube: https://www.youtube.com/@RunjayP
LinkedIn: https://www.linkedin.com/in/runjay

-------------------------------------------------------------------------

Andrew_TND · ‎01-01-2025

Hi all, I think I'm onto something.

After reading Dynamic filter 'One of My Groups' does not work for Glide List type field with more than one item - ... apparently "One of my groups" is basically worthless in ACL and Data filtration.

So I went down the BS route, this script works perfectly where if the user is IN the group it hides the record but I need it to do the opposite, I've tried NOT IN however nothing happens.

(function executeRule(current, gsn) {

    var usergroups = [];
    var groupgr = new GlideRecord('sys_user_grmember');
    groupgr.addQuery('user', gs.getUserID());
    groupgr.query();
    while (groupgr.next()) {
        usergroups.push(groupgr.group.toString());
    }
    current.addQuery('u_authorized_group', 'IN', usergroups);
})(current, gsn);

Andrew_TND · ‎01-02-2025

Hey all, I managed to get it working using "addEncodedQuery()" which is actually really simple.

//When to run: Before
//Order: 1000
// Query: True

(function executeRule(current, previous) {
    var query = '';
    query = "u_authorized_groupDYNAMICd6435e965f510100a9ad2572f2b47744^ORu_authorized_groupISEMPTY";
    current.addEncodedQuery(query);
})(current, previous);

Thank you everyone for your help!