- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-12-2025 03:44 AM
Hello All,
I am creating Read ACL on the RITM table , i have included ITIL role in role condition and Assignment group is dynamic one of my groups or Assigned to is dynamic me in Data Condition(This restriction is working as expected). Along with this i want to also include catalog task assignment groups members to be able to see RITM's . How to include this in ACL script .
Note: I don't want to use query Business Rule.
Thanks in advance
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-12-2025 04:50 AM
@zeeshan ahmed I've created new Read ACL on sc_req_item table with the below script and it's working as expected.
answer = false;
var groups = [];
var tasks = new GlideRecord('sc_task');
tasks.addEncodedQuery('request_item='+current.sys_id);
tasks.query();
while (tasks.next()) {
if (!gs.nil(tasks.assignment_group)) {
groups.push(tasks.getDisplayValue('assignment_group'));
}
}
for (var i = 0; i < groups.length; i++) {
if (gs.getUser().isMemberOf(groups[i])) {
answer = true;
break;
}
}
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-12-2025 03:59 AM - edited 05-12-2025 04:51 AM
Try the script below. It will fetch the SC task assignment groups and validate whether the currently logged-in user is part of the group or not. Additionally, create a separate ACL for this instead of updating the existing one. This will make it easier to manage.
answer = false;
var groups = [];
var tasks = new GlideRecord('sc_task');
tasks.addEncodedQuery('request_item='+current.sys_id);
tasks.query();
while (tasks.next()) {
if (!gs.nil(tasks.assignment_group)) {
groups.push(tasks.getDisplayValue('assignment_group'));
}
}
for (var i = 0; i < groups.length; i++) {
if (gs.getUser().isMemberOf(groups[i])) {
answer = true;
break;
}
}Regards,
Siva
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-12-2025 03:59 AM
Hi @zeeshan ahmed
Please check the Advanced Box and use the ACL Script to achieve this requirement only for these type of dynamic conditions:
Sample Script:
(function() {
var userID = gs.getUserID();
//Check if user is the Assigned to on RITM
if (current.assigned_to && current.assigned_to == userID) {
return true;
}
//Check if user is in the RITM assignment group
if (current.assignment_group) {
var am = new GlideUserMembership();
if (am.isMemberOfGroup(userID, current.assignment_group)) {
return true;
}
}
//Now check if user is member of ANY Catalog Task's Assignment Group linked to this RITM
// Catalog Tasks are linked to RITM by request_item (field request_item on sc_task)
var taskGR = new GlideRecord('sc_task');
taskGR.addQuery('request_item', current.sys_id);
taskGR.query();
while (taskGR.next()) {
var taskAssignmentGroup = taskGR.assignment_group;
if (taskAssignmentGroup) {
var gm = new GlideUserMembership();
if (gm.isMemberOfGroup(userID, taskAssignmentGroup)) {
return true;
}
}
}
// If none of the above, deny access
return false;
})();If this helps you, please mark my response as Helpful and Accepted Solution. It will help other community members as well.
Regards,
Deepak Sharma
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-12-2025 04:00 AM
Something like this should work
// Get current user ID
var userId = gs.getUserID();
// Query sc_task linked to this RITM
var taskGR = new GlideRecord('sc_task');
taskGR.addQuery('request_item', current.sys_id);
taskGR.query();
while (taskGR.next()) {
// Check if user is Assigned To
if (taskGR.assigned_to == userId) {
answer = true;
return;
}
// Check if user is a member of the Assignment Group
if (!taskGR.assignment_group.nil()) {
var groupMemberGR = new GlideRecord('sys_user_grmember');
groupMemberGR.addQuery('group', taskGR.assignment_group);
groupMemberGR.addQuery('user', userId);
groupMemberGR.query();
if (groupMemberGR.hasNext()) {
answer = true;
return;
}
}
}
// If none matched, deny access
answer = false;
Accept the solution and mark as helpful if it does, to benefit future readers.
Regards,
Sumanth
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-12-2025 04:35 AM
you can use advanced script
share what script did you start with and where are you stuck?
If my response helped please mark it correct and close the thread so that it benefits future readers.
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader
