ACL to Allow Group Managers to Write to Field

J Benson
Tera Contributor

Hello Experts,

 

I have a request from a user to create an ACL that restricts who can write to the Scrum Role field on our Group Members table. Our customer would like to restrict write access to users:

  • in the ITBM Administrators group OR
  • has the 'safe_scrum_master' or 'safe_product_owner' role OR
  • is a group manager.

The last requirement is the one throwing me off as 'group manager' isn't a specific role I can zero in on and I'm not certain where in ServiceNow that property is set. Below is the code as I have it. Any suggestions? Please note the customer wants ANY group manager to have write access to the Scrum Role field. 

 

 

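// Grant write access to the ITBM Administrator group and the two SAFe roles.
// The group manager condition is the part still missing here.
if (gs.getUser().isMemberOf('ITBM Administrator') ||
    gs.getUser().hasRole('safe_scrum_master') ||
    gs.getUser().hasRole('safe_product_owner'))
    answer = true;
else
    answer = false;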

Thanks in advance!

James B.

1 ACCEPTED SOLUTION

Murthy Ch
Giga Sage

Hi @J Benson 

Then try the code below and give the isManager field's backend name correctly.

// Check the manager checkbox on the logged-in user's own sys_user record.
var grManager = false;
var grM = new GlideRecord("sys_user");
grM.addQuery("sys_id", gs.getUserID());
grM.addQuery("u_ismanager", "true"); // here give the ismanager checkbox field name correctly
grM.query();
if (grM.next()) {
    grManager = true; // if manager checkbox is true
}

if (gs.getUser().isMemberOf('ITBM Administrator') ||
    gs.getUser().hasRole('safe_scrum_master') ||
    gs.getUser().hasRole('safe_product_owner') ||
    grManager) { // added here
    answer = true;
} else {
    answer = false;
}

Hope it helps.

 

Thanks,
Murthy


9 REPLIES

Murthy Ch
Giga Sage

Hi @J Benson 

You can check whether the logged-in user is a manager of any group by using the logic below:

 

// Check whether the logged-in user is set as manager on any sys_user_group record.
var grManager = false;
var grM = new GlideRecord("sys_user_group");
grM.addQuery("manager", "CONTAINS", gs.getUserID());
grM.query();
if (grM.next()) {
    grManager = true; // if he is manager for any of the group
}

if (gs.getUser().isMemberOf('ITBM Administrator') ||
    gs.getUser().hasRole('safe_scrum_master') ||
    gs.getUser().hasRole('safe_product_owner') ||
    grManager) { // added here
    answer = true;
} else {
    answer = false;
}

(tested)

Hope it helps.

 

Thanks,
Murthy

Murthy, 

 

Thank you for the assistance! Not quite there yet though. Impersonating a user who is verified as a manager and still unable to directly edit. I'm not seeing any other ACL in the way?

[Screenshots: JBenson_0-1665156731337.png, JBenson_1-1665156766708.png]

 

 

Murthy Ch
Giga Sage

Hi @J Benson 

In the above script I was checking using the group table.

But as per your screenshot above, the IS Manager checkbox is present in the user table?
So you want to validate using that checkbox?
If yes, we need to update the script.

 

Thanks,
Murthy

Murthy, 

 

That's correct. As far as I know, the 'Manager' checkbox is only present on the user record. So yes, how would we validate using that checkbox?

 

Thanks in advance,

James
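
The two definitions of "manager" used in this thread (the manager field on a group record versus a checkbox on the user record) grant write access to different users, which is why a script can pass for one test user and fail for another. The sketch below is an added example, not code from either poster: it models both checks in plain JavaScript over constructed sample records, with no ServiceNow API. The user ids, names and the `userGroups` array are assumptions, and `u_ismanager` is the placeholder field name from the accepted solution.

```javascript
// Constructed sample data standing in for sys_user (with roles and group
// membership flattened in) and sys_user_group. Not real instance data.
const users = {
  u1: { name: 'ITBM admin',      roles: [], groups: ['ITBM Administrator'], u_ismanager: false },
  u2: { name: 'scrum master',    roles: ['safe_scrum_master'], groups: [],  u_ismanager: false },
  u3: { name: 'group manager',   roles: [], groups: [], u_ismanager: false },
  u4: { name: 'flagged manager', roles: [], groups: [], u_ismanager: true },
  u5: { name: 'plain user',      roles: [], groups: [], u_ismanager: false },
};
const userGroups = [
  { name: 'Team A', manager: 'u3' },
  { name: 'Team B', manager: '' },   // group without a manager
];

// Conditions shared by both scripts in the thread.
function baseAccess(user) {
  return user.groups.includes('ITBM Administrator') ||
    user.roles.includes('safe_scrum_master') ||
    user.roles.includes('safe_product_owner');
}

// Variant 1: "manager" means the user is referenced in some group's manager field.
function managesAnyGroup(id) {
  return userGroups.some(g => g.manager === id);
}

// Variant 2: "manager" means the checkbox on the user's own record is set.
function hasManagerFlag(id) {
  return users[id].u_ismanager === true;
}

function canWriteByGroupTable(id) { return baseAccess(users[id]) || managesAnyGroup(id); }
function canWriteByUserFlag(id)   { return baseAccess(users[id]) || hasManagerFlag(id); }

// Users for whom the two ACL variants give different answers.
function disagreements() {
  return Object.keys(users)
    .filter(id => canWriteByGroupTable(id) !== canWriteByUserFlag(id));
}

// One row per user, usable as an impersonation test plan (include the deny case).
function accessMatrix() {
  return Object.keys(users).map(id => ({
    id, name: users[id].name,
    byGroupTable: canWriteByGroupTable(id), byUserFlag: canWriteByUserFlag(id),
  }));
}
```

Each row of `accessMatrix()` corresponds to one impersonation test on the instance; the rows where the two columns differ are the users to check first when an ACL behaves unexpectedly.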