ACL restriction for one assignment group to only members

Daniela18
Tera Contributor

‎06-18-2020 02:51 AM

I have a requirement to restrict incidents assigned to group "Network" to only network group members.

I tried this ACL. Can someone tell me what I am doing wrong because when I impersonate someone not in network I can read/ update/ write on the incident etc.

find_real_file.png

Labels:
Preview file
93 KB
0 Helpfuls
  • 3,281 Views
24 REPLIES 24

MrMuhammad
Giga Sage

‎06-18-2020 04:36 AM

Hi Daniela,

 

For restricting records of specific group to their members, It is recommended to use Before Query Business rule instead of ACLs. You can see my response to the similar question on the below thread.

https://community.servicenow.com/community?id=community_question&sys_id=1349fc14dbad141023f4a345ca96...

 

For your ease, I am posting the same code here. it is tested and validated.

  var currentUser = gs.getUser();
  var isMember = currentUser.isMemberOf('SYS_ID_OF_GROUP');

  if (isMember == false) {
      if (gs.getSession().isInteractive()) {
         var query = current.addQuery('assignment_group', "!=", 'SYS_ID_OF_GROUP');
      }


  }

 

Please mark this accepted & helpful if it answered your question.

Thanks & Regards,
Sharjeel

Regards,
Muhammad
0 Helpfuls

Daniela18
Tera Contributor
In response to MrMuhammad

‎06-18-2020 05:11 AM

I tested this but it did not work.

Are you sure it is verified. It was not marked as the solution in the link you added.

Preview file
38 KB
0 Helpfuls

MrMuhammad
Giga Sage
In response to Daniela18

‎06-18-2020 05:26 AM

Can you confirm if the BR is Before Query and what addInfoMessages return?  It is working flawlessly for me.

Regards,
Muhammad
0 Helpfuls

MrMuhammad
Giga Sage
In response to MrMuhammad

‎06-18-2020 05:43 AM

I think you have missed wrapping the code inside function. 

please copy paste below.

(function executeRule(current, previous /*null when async*/ ) {
    //   a18eab07931331003b4bb095e57ffbdf
    var currentUser = gs.getUser();
    var isMember = currentUser.isMemberOf('a18eab07931331003b4bb095e57ffbdf');
    gs.addInfoMessage(isMember + "======" + currentUser);
   
    if (isMember == false) {
        gs.addInfoMessage(isMember + "======" + currentUser);

        if (gs.getSession().isInteractive()) {
            var query = current.addQuery('assignment_group', "!=", 'a18eab07931331003b4bb095e57ffbdf');
        }
    }


})(current, previous);

Regards,
Muhammad
0 Helpfuls

Daniela18
Tera Contributor
In response to MrMuhammad

‎06-18-2020 06:27 AM

Where will I see this info message?

0 Helpfuls