ACL restriction for one assignment group to only members

Daniela18
Tera Contributor

I have a requirement to restrict incidents assigned to group "Network" to only network group members.

I tried this ACL. Can someone tell me what I am doing wrong? When I impersonate someone not in Network, I can read/update/write on the incident, etc.



Hi,

Please share your script and screenshot.

Did you apply the encoded query correctly?

Regards
Ankur

Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader

so 1. I turned off the ACL since I assume this BR replaces it

2. then pasted in the exact sentence:

Hi Daniela,

Please update; small change.

So now when a member of the Network group goes to incident, he/she sees

1) only those incidents where assignment group is Network

2) AND Category is Software

3) AND Sub Category is Email

4) AND Service is Email

current.addEncodedQuery('assignment_group.name=Network^category=software^subcategory=email^service=email');

Mark Correct if this solves your issue and also mark 👍 Helpful if you find my response worthy based on the impact.
Thanks
Ankur


Mahesh Kumar7
Mega Expert

Hi Daniela,

You can also restrict this query using query BR.

Create a B-Rule, before -> query - true and use the below script:

if (!gs.getUser().isMemberOf('Network')) {
    // Replace the placeholder with the sys_id of the Network group
    current.addQuery('assignment_group', '!=', 'sys_id of Network Group');
}

Can you try this if it helps.

Tested but did not help
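
The rule discussed in this thread, written once as a record ACL decision and once as a before-query filter (an added example, not code from any poster in the thread). The `makeGs` and `makeQuery` helpers and the sample incidents are constructed stand-ins for the platform's `gs` and `current` so the logic can be checked outside an instance; `aclAnswer`, `beforeQuery` and `visibleTo` are hypothetical names.

```javascript
// Constructed stand-ins for the platform objects (assumption: only the
// calls used in this thread are modelled).
function makeGs(groups) {
    return { getUser: function () {
        return { isMemberOf: function (g) { return groups.indexOf(g) !== -1; } };
    } };
}
function makeQuery() {
    var conds = [];
    return {
        addQuery: function (field, op, value) { conds.push([field, op, value]); },
        conditions: conds
    };
}

var RESTRICTED_GROUP = 'Network'; // group name taken from the thread

// Record ACL on incident: the value to assign to `answer`.
// Incidents owned by other groups are left to the other access rules.
function aclAnswer(current, gs) {
    if (String(current.assignment_group.name) !== RESTRICTED_GROUP) {
        return true;
    }
    return gs.getUser().isMemberOf(RESTRICTED_GROUP);
}

// Before-query business rule: filter Network incidents out for non-members.
function beforeQuery(current, gs) {
    if (!gs.getUser().isMemberOf(RESTRICTED_GROUP)) {
        current.addQuery('assignment_group.name', '!=', RESTRICTED_GROUP);
    }
}

// Constructed sample incidents.
var incidents = [
    { number: 'INC_A', assignment_group: { name: 'Network' } },
    { number: 'INC_B', assignment_group: { name: 'Service Desk' } }
];

// Incident numbers a given user passes the ACL decision for.
function visibleTo(gs) {
    return incidents.filter(function (i) { return aclAnswer(i, gs); })
                    .map(function (i) { return i.number; });
}

console.log(visibleTo(makeGs(['Network'])), visibleTo(makeGs(['Service Desk'])));
```

In an instance, the ACL script body would be `answer = aclAnswer(current, gs);`, and the business rule body would call `beforeQuery(current, gs);`.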