ACL to Allow Group Managers to Write to Field

Go to solution
J Benson
Tera Contributor

‎10-07-2022 07:50 AM

Hello Experts,

 

I have a request from a user to create an ACL that restricts who can write to the Scrum Role field on our Group Members table. Our customer would like to restrict write access to users:

  • in the ITBM Administrators group OR
  • has the 'safe_scrum_master' or 'safe_product_owner' role OR
  • is a group manager.

The last requirement is the one throwing me off as 'group manager' isn't a specific role I can zero in on and I'm not certain where in ServiceNow that property is set. Below is the code as I have it. Any suggestions? Please note the customer wants ANY group manager to have write access to the Scrum Role field. 

 

 

if (gs.getUser().isMemberOf('ITBM Administrator') || 
	gs.getUser().hasRole('safe_scrum_master') || 
	gs.getUser().hasRole('safe_product_owner') ||
    answer = true;
else
    answer = false;

 

 

Thanks in advance!

James B.

Labels:
0 Helpfuls
  • 1,112 Views
1 ACCEPTED SOLUTION

Go to solution
Murthy Ch
Giga Sage

‎10-07-2022 08:55 AM

Hi @J Benson 

Then try below code and give the isManager field backend name correctly.

var grManager;
var grM=new GlideRecord("sys_user");
grM.addQuery("sys_id",gs.getUserID());
grM.addQuery("u_ismanager","true");  //here give the ismanager checkbox field name correctly
grM.query();
if(grM.next())
{
grManager=1;  //if manager checkbox is true....
}
else
{
grManager=0;
}
if (gs.getUser().isMemberOf('ITBM Administrator') || 
	gs.getUser().hasRole('safe_scrum_master') || 
	gs.getUser().hasRole('safe_product_owner') || grManager)   //added here
    answer = true;
else
    answer = false;

Hope it helps.

 

Thanks,
Murthy

View solution in original post

9 REPLIES 9

Go to solution
Murthy Ch
Giga Sage

‎10-07-2022 08:00 AM - edited ‎10-07-2022 08:04 AM

Hi @J Benson 

You can check whether logged-in user is a manager of any group or not by using below logic:

 

var grManager;
var grM=new GlideRecord("sys_user_group");
grM.addQuery("manager","CONTAINS", gs.getUserID());
grM.query();
if(grM.next())
{
grManager=1;  //if he is manager for any of the group
}
else
{
grManager=0;
}
if (gs.getUser().isMemberOf('ITBM Administrator') || 
	gs.getUser().hasRole('safe_scrum_master') || 
	gs.getUser().hasRole('safe_product_owner') || grManager)   //added here
    answer = true;
else
    answer = false;

 

(=tested)

Hope it helps.

 

Thanks,
Murthy

Go to solution
J Benson
Tera Contributor
In response to Murthy Ch

‎10-07-2022 08:33 AM

Murthy, 

 

Thank you for the assistance! Not quite there yet though. Impersonating a user who is verified as a manager and still unable to directly edit. I'm not seeing any other ACL in the way?

JBenson_0-1665156731337.png

JBenson_1-1665156766708.png

 

 

0 Helpfuls

Go to solution
Murthy Ch
Giga Sage

‎10-07-2022 08:41 AM

Hi @J Benson 

In the above script I was checking using the group table.

But as per your above screenshot IS Manager checkbox is present in user table?
So you want to validate using that checkbox?
If yes we need to update the script.

 

Thanks,
Murthy

Go to solution
J Benson
Tera Contributor
In response to Murthy Ch

‎10-07-2022 08:43 AM

Murthy, 

 

That's correct. As far as I know, the 'Manager' checkbox is only present on the user record. So yes, how would we validate using that checkbox?

 

Thanks in advance,

James

0 Helpfuls