ACL to Allow Group Managers to Write to Field

J Benson · ‎10-07-2022

Hello Experts,

I have a request from a user to create an ACL that restricts who can write to the Scrum Role field on our Group Members table. Our customer would like to restrict write access to users:

in the ITBM Administrators group OR
has the 'safe_scrum_master' or 'safe_product_owner' role OR
is a group manager.

The last requirement is the one throwing me off as 'group manager' isn't a specific role I can zero in on and I'm not certain where in ServiceNow that property is set. Below is the code as I have it. Any suggestions? Please note the customer wants ANY group manager to have write access to the Scrum Role field.

if (gs.getUser().isMemberOf('ITBM Administrator') || 
	gs.getUser().hasRole('safe_scrum_master') || 
	gs.getUser().hasRole('safe_product_owner') ||
    answer = true;
else
    answer = false;

Thanks in advance!

James B.

Murthy Ch · ‎10-07-2022

Hi @J Benson

Then try below code and give the isManager field backend name correctly.

var grManager;
var grM=new GlideRecord("sys_user");
grM.addQuery("sys_id",gs.getUserID());
grM.addQuery("u_ismanager","true");  //here give the ismanager checkbox field name correctly
grM.query();
if(grM.next())
{
grManager=1;  //if manager checkbox is true....
}
else
{
grManager=0;
}
if (gs.getUser().isMemberOf('ITBM Administrator') || 
	gs.getUser().hasRole('safe_scrum_master') || 
	gs.getUser().hasRole('safe_product_owner') || grManager)   //added here
    answer = true;
else
    answer = false;

Hope it helps.

Thanks,
Murthy

View solution in original post

Murthy Ch · ‎10-07-2022

Hi @J Benson

Then try below code and give the isManager field backend name correctly.

var grManager;
var grM=new GlideRecord("sys_user");
grM.addQuery("sys_id",gs.getUserID());
grM.addQuery("u_ismanager","true");  //here give the ismanager checkbox field name correctly
grM.query();
if(grM.next())
{
grManager=1;  //if manager checkbox is true....
}
else
{
grManager=0;
}
if (gs.getUser().isMemberOf('ITBM Administrator') || 
	gs.getUser().hasRole('safe_scrum_master') || 
	gs.getUser().hasRole('safe_product_owner') || grManager)   //added here
    answer = true;
else
    answer = false;

Hope it helps.

Thanks,
Murthy

J Benson · ‎10-07-2022

Murthy,

I edited as suggested (backend field name is 'u_is_manager') but result is still the same when impersonating user.

var grManager;
var grM=new GlideRecord("sys_user");
grM.addQuery("sys_id",gs.getUserID());
grM.addQuery("u_is_manager","true");
grM.query();
if(grM.next())
{
grManager=1;
}
else
{
grManager=0;
}
if (gs.getUser().isMemberOf('ITBM Administrator') || 
	gs.getUser().hasRole('safe_scrum_master') || 
	gs.getUser().hasRole('safe_product_owner') || grManager)
    answer = true;
else
    answer = false;

Murthy Ch · ‎10-07-2022

Hi @J Benson

I don't think there is any issue in the script.

Can you share the ACL configuration screenshot?

So that I can have a look on the same.

Thanks,
Murthy

J Benson · ‎10-07-2022

Murthy,

After speaking with the customer again, it appears 'u_is_manager' is not what we're looking to capture. The requirement is for any group manager. They recommended creating a GlideRecord to run through all the groups and look for group managers, but I'm not sure we want an ACL doing that much work. We'll have to re-evaluate how we want to approach this requirement.

I'll mark your previous answer as the solution.

Thanks for all your help,

James

Murthy Ch · ‎10-07-2022

Hi @J Benson

In that case you can use the script which I shared earlier.

Are you looking to give the access in the list view? If yes you need to write list_edit ACL.

Thanks,
Murthy