
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-07-2022 07:50 AM
Hello Experts,
I have a request from a user to create an ACL that restricts who can write to the Scrum Role field on our Group Members table. Our customer would like to restrict write access to users:
- in the ITBM Administrators group OR
- has the 'safe_scrum_master' or 'safe_product_owner' role OR
- is a group manager.
The last requirement is the one throwing me off as 'group manager' isn't a specific role I can zero in on and I'm not certain where in ServiceNow that property is set. Below is the code as I have it. Any suggestions? Please note the customer wants ANY group manager to have write access to the Scrum Role field.
if (gs.getUser().isMemberOf('ITBM Administrator') ||
gs.getUser().hasRole('safe_scrum_master') ||
gs.getUser().hasRole('safe_product_owner') ||
answer = true;
else
answer = false;
Thanks in advance!
James B.
Solved! Go to Solution.
- Labels:
-
Service Catalog
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-07-2022 08:55 AM
Hi @J Benson
Then try below code and give the isManager field backend name correctly.
var grManager;
var grM=new GlideRecord("sys_user");
grM.addQuery("sys_id",gs.getUserID());
grM.addQuery("u_ismanager","true"); //here give the ismanager checkbox field name correctly
grM.query();
if(grM.next())
{
grManager=1; //if manager checkbox is true....
}
else
{
grManager=0;
}
if (gs.getUser().isMemberOf('ITBM Administrator') ||
gs.getUser().hasRole('safe_scrum_master') ||
gs.getUser().hasRole('safe_product_owner') || grManager) //added here
answer = true;
else
answer = false;
Hope it helps.
Murthy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-07-2022 08:00 AM - edited 10-07-2022 08:04 AM
Hi @J Benson
You can check whether logged-in user is a manager of any group or not by using below logic:
var grManager;
var grM=new GlideRecord("sys_user_group");
grM.addQuery("manager","CONTAINS", gs.getUserID());
grM.query();
if(grM.next())
{
grManager=1; //if he is manager for any of the group
}
else
{
grManager=0;
}
if (gs.getUser().isMemberOf('ITBM Administrator') ||
gs.getUser().hasRole('safe_scrum_master') ||
gs.getUser().hasRole('safe_product_owner') || grManager) //added here
answer = true;
else
answer = false;
(=tested)
Hope it helps.
Murthy

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-07-2022 08:33 AM
Murthy,
Thank you for the assistance! Not quite there yet though. Impersonating a user who is verified as a manager and still unable to directly edit. I'm not seeing any other ACL in the way?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-07-2022 08:41 AM
Hi @J Benson
In the above script I was checking using the group table.
But as per your above screenshot IS Manager checkbox is present in user table?
So you want to validate using that checkbox?
If yes we need to update the script.
Murthy

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-07-2022 08:43 AM
Murthy,
That's correct. As far as I know, the 'Manager' checkbox is only present on the user record. So yes, how would we validate using that checkbox?
Thanks in advance,
James