10-10-2014 12:18 PM
When a user is submitting a request from the Service Catalog, I present them with a variable field that is pre-populated with them as the requester. They have the ability to enter a different valid name if they are submitting it for someone else. When I test this it works fine, but that's because I am an admin. I'm trying to figure out how to make that field in the sc_request table editable by anyone (even users). I created an ACL for the field with no conditions and no script. I just added the user role to be able to execute, create, or write. However, this does not work. Can someone tell me what I need to do to make this work so that anyone submitting a request from the catalog will have the ability to overwrite this field?
03-19-2015 08:34 AM
I did get this resolved, but can't remember the actual fix. The only thing I could find was that I updated the "Write" operations of the ACLs for sc_cart.* and sc_cart to force the script to always evaluate to True. This is what I have in the Script section:

    var answer = true;
    answer;

No roles or conditions are used. See if that does the trick for you.
>>> Marik Daniel <community-no-reply@servicenow.com> 3/18/2015 3:35 PM >>>
ACL for sc_request table field: Requested for
Anthony did you get this fixed in your Dublin instance yet?
I am running into the same problem with our script not populating for non-admin users.
It was working until recent patching.
I've looked at the sc_cart ACLs and even made one specific to the Requested_for field but it is still not working.
Even specifying the test user directly in the ACLs didn't work for the non-admin user.
We are currently on patch dublin-09-13-2013__patch7-hotfix5-01-22-2015 where the script is not working.
I believe we were on patch 3 when it was known to be working.
Any feedback you might have would be useful.
10-10-2014 01:23 PM
The variable is displayed on the task. I want the table field to be overwritten with the variable. This works fine when I'm testing as an admin. But when a non-Admin tries (e.g. itil user) it does not overwrite the field.

10-11-2014 05:47 AM
Hi Anthony,
To clarify, you cannot use ACLs to control variables. They only work on table fields. If I understand your question correctly, you want a non-admin user to be able to change the "Requested For" reference field on the Checkout screen? I believe that non-admin (any ESS user for that matter) should be able to change this in a standard (unchanged) Dublin instance. Are the non-admin users able to change the field but the value is not saved? In any case I think an ACL is preventing the non-admin users from changing the value to a user other than themselves. Try checking which ACLs are currently configured on the Request (sc_request) table and the Requested For (requested_for) field. The following Wiki article may help with clarification of rule processing orders etc.
Regards,
Jake
10-13-2014 04:48 AM
I can't find any ACLs affecting this.
10-13-2014 06:49 AM
I turned on the debugger, and this is the error the non-admin user gets...
08:46:09.940: TIME = 0:00:00.000 PATH = record/sc_cat_item_guide.name/read RULE = ((((hasRole(catalog_admin) )) SEQ ((hasRole(catalog_admin,public) )) SEQ ((hasRole() AND script=gs.hasRole('admin') || gs.getProperty('glide.sm.default_mode') == 'allow') OR (hasRole() AND script=var ra = false; if (root_rule.substring(0,7)=='var__m_') { var wa = gs.getUser().hasRole('workflow_admin'); var wc = gs.getUser().hasRole('workflow_creator'); var fn = gs.getUser().hasRole('normalizer'); if (wa || wc || fn) ra = true; } ra; ) OR (hasRole() AND script=typeof g_approval_form_request != "undefined" && g_approval_form_request == true;))) AND (((hasRole(public) )))) RC = false
Here's the sc_cart error from the debugger:
10:13:52.762: TIME = 0:00:00.000 PATH = record/sc_cart.current_crumb_history/write RULE = ((((hasRole() AND script=var answer = true; answer;)) SEQ ((hasRole() AND script=gs.hasRole('admin') || gs.getProperty('glide.sm.default_mode') == 'allow') OR (hasRole() AND script=var ra = false; if (root_rule.substring(0,7)=='var__m_' || root_rule == 'wf_workflow.vars') { ra = gs.getUser().hasRole('workflow_creator') || gs.getUser().hasRole('normalizer'); } ra; ))) AND (((hasRole() AND script=var answer = true; answer;)))) RC = false

10-11-2014 03:28 PM
The Requested For on the sc_request gets populated from the user field on the sc_cart table. Once a request is submitted that info is passed to the newly created Request. What you may want to consider is running a client side script that changes the user field on the sc_cart. For example, if I have a variable called "Requestor" on a catalog item, I can change that variable to someone else and it will update the sc_cart record. This way, when I checkout, that field is already updated with the new value and the request will be as well. Here is how I did it.
Script Include:
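
    var CartUtilityAjax = Class.create();
    CartUtilityAjax.prototype = Object.extendsObject(AbstractAjaxProcessor, {
        // Called through GlideAjax with sysparm_name=setRequestedFor.
        setRequestedFor: function() {
            // Both values arrive as request parameters from the client script.
            var user = this.getParameter('sysparm_catalog_user');
            var reqFor = this.getParameter('sysparm_requested_for');
            // Find the cart whose owner matches the supplied user sys_id.
            var cart = new GlideRecord('sc_cart');
            cart.addQuery('user.sys_id', user);
            cart.query();
            if (cart.next()) {
                // Overwrite the cart's Requested For; it is copied to sc_request at checkout.
                cart.requested_for = reqFor;
                cart.update();
            }
        }
    });
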
Catalog Client Script:

    function onChange(control, oldValue, newValue, isLoading) {
        // Skip the initial form load; only react to a change made by the user.
        if (!isLoading) {
            var userid = g_user.userID; //Logged In User
            var newid = g_form.getValue('dl_requested_for'); //Replace with your variable
            // Call the CartUtilityAjax Script Include on the server.
            var gac = new GlideAjax('CartUtilityAjax');
            gac.addParam('sysparm_name', 'setRequestedFor');
            gac.addParam('sysparm_catalog_user', userid);
            gac.addParam('sysparm_requested_for', newid);
            gac.getXML();
        }
    }
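
A hardened variant of the server-side half of the approach above, added here as an example and not part of the original post: the cart is looked up by the session user instead of the client-sent `sysparm_catalog_user`, and the new value must match an active `sys_user` record. The `tables` data, `session`, the return strings and the small `gs`/`GlideRecord` stand-ins are constructed assumptions so the logic runs outside an instance.

```javascript
// Constructed sample data and stand-ins so the logic runs outside an instance.
var tables = {
  sc_cart: [{ user: 'u_alice', requested_for: 'u_alice' },
            { user: 'u_bob', requested_for: 'u_bob' }],
  sys_user: [{ sys_id: 'u_alice', active: true }, { sys_id: 'u_bob', active: true },
             { sys_id: 'u_carol', active: true }, { sys_id: 'u_old', active: false }]
};
var session = { userId: 'u_alice' };   // stand-in for the logged-in session
var gs = { getUserID: function () { return session.userId; } };

// Minimal GlideRecord stand-in: equality queries, next(), setValue(), update().
function GlideRecord(table) { this._rows = tables[table]; this._q = []; this._i = -1; }
GlideRecord.prototype.addQuery = function (f, v) { this._q.push([f, v]); };
GlideRecord.prototype.query = function () {
  var q = this._q;
  this._hits = this._rows.filter(function (r) {
    return q.every(function (c) { return r[c[0]] === c[1]; });
  });
};
GlideRecord.prototype.next = function () {
  this._row = this._hits[++this._i];
  return this._row !== undefined;
};
GlideRecord.prototype.setValue = function (f, v) { this._row[f] = v; };
GlideRecord.prototype.update = function () { /* rows are mutated in place */ };

// Hardened server-side logic. In a Script Include, requestedFor would come from
// this.getParameter('sysparm_requested_for'); no user id is read from the client.
function setRequestedFor(requestedFor) {
  var target = new GlideRecord('sys_user');
  target.addQuery('sys_id', String(requestedFor));
  target.addQuery('active', true);
  target.query();
  if (!target.next()) return 'rejected';      // unknown or inactive user

  var cart = new GlideRecord('sc_cart');
  cart.addQuery('user', gs.getUserID());       // session identity only
  cart.query();
  if (!cart.next()) return 'no_cart';
  cart.setValue('requested_for', String(requestedFor));
  cart.update();
  return 'updated';
}
```

With this shape a caller can only change the Requested For on their own cart, so the write does not depend on a blanket `answer = true` ACL covering other users' carts.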