‎07-29-2019 07:23 AM
Hi All,
I've created a simple list widget on the portal of my ServiceNow instance. The simple list is set to show any live priority 1 (critical) incidents. I need this list to be available for any non-ITIL users that are in a specified group. Since the watch list dictionary points to the sys_user table, I have created a new dictionary which points to the sys_group table. This is called u_group_watch_list.
I can now add groups to the group watch list but I need to configure a business rule(?) to allow users within a group that is in the group watch list to read an incident.
I took some inspiration from this thread: https://community.servicenow.com/community?id=community_question&sys_id=b2378b29db1cdbc01dcaf3231f96...
I couldn't follow the thread to completion as they had other business rules and different configurations.
Is anyone able to advise what I need to do next?
Thanks!
‎08-01-2019 05:23 AM
Sorry, my bad, the sys id in your or condition needs to be enclosed by the same sort of quotation marks! Change to this:
    current.addOrCondition("u_group_watch_list", "CONTAINS", "sys_id of P1Notifications group");
‎07-29-2019 07:27 AM
It is more likely that you need to create a "read" ACL on the appropriate table and add this group to the ACL. A Business Rule is not the best method for securing access to records.
‎07-30-2019 02:14 AM
Hi Ian,
I found the OOTB ACL for reading incidents if you are the current caller, opened by user, on the watch list which was:
    if (current.opened_by == gs.getUserID() || current.caller_id == gs.getUserID() || current.watch_list.indexOf(gs.getUserID()) > -1) {
I found on another question to disable this one and add it to the following:
    if (current.opened_by == gs.getUserID() || current.caller_id == gs.getUserID() || current.watch_list.indexOf(gs.getUserID()) > -1) {
        answer = true;
    } else if (current.u_group_watch_list.toString().length > 0) {
        var myGroups = getMyGroups().toArray();
        for (var i = 0; i < myGroups.length; i++) {
            if (current.u_group_watch_list.toString().indexOf(myGroups[i]) > -1) {
                answer = true;
                break;
            }
        }
    }
I tried this but members of the group were unable to view the incidents on the simple list on the portal when on the "u_group_watch_list".
Is there more I need to add/change for this to work?
Thanks
‎08-01-2019 02:22 AM
‎08-01-2019 03:00 AM
You'll need to modify the incident query rule as well. Out of the box this restricts access to non-itil users to incidents on which they are the caller, that they opened or those on which they are on the watchlist.
You'll need to add an if statement and add a condition if that statement is met, e.g.:
    function restrictIncidents() {
        if (!gs.hasRole("itil") && gs.isInteractive()) {
            // PRB1314624: Do NOT restrict Incidents if SPM plugin is active AND user has the service_viewer role.
            if (GlidePluginManager.isActive('com.snc.spm') && gs.hasRole('service_viewer'))
                return;
            var u = gs.getUserID();
            var qc = current.addQuery("caller_id", u).addOrCondition("opened_by", u).addOrCondition("watch_list", "CONTAINS", u);
            if(gs.getUser().isMemberOf('P1Notifications')){
                current.addOrCondition("u_group_watch_list', "CONTAINS", "sys_id of P1Notifications group');
            }
            gs.print("query restricted to user: " + u);
        }
    }
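The interaction discussed in this thread, as an added example that is not code from any poster or from ServiceNow: a plain JavaScript model (runnable in Node, no instance needed) of the query rule's OR-conditions combined with the read ACL check, showing why changing only the ACL leaves group-watched incidents hidden. The sys_ids, incident records and function names are constructed for illustration, and CONTAINS is modelled as a substring match.

```javascript
// Added example: plain-JavaScript model, not ServiceNow API code.
// All sys_ids and incident records are constructed sample data.
const USER = "a".repeat(32), OTHER = "b".repeat(32);
const P1_GROUP = "c".repeat(32), OTHER_GROUP = "d".repeat(32);

const INCIDENTS = [
  { number: "INC0000001", caller_id: OTHER, opened_by: OTHER, watch_list: "", u_group_watch_list: P1_GROUP },
  { number: "INC0000002", caller_id: USER, opened_by: OTHER, watch_list: "", u_group_watch_list: "" },
  { number: "INC0000003", caller_id: OTHER, opened_by: OTHER, watch_list: "", u_group_watch_list: OTHER_GROUP },
  { number: "INC0000004", caller_id: OTHER, opened_by: OTHER, watch_list: OTHER + "," + USER, u_group_watch_list: "" },
];

// Model of the read ACL script quoted in the thread.
function aclAllowsRead(inc, userId, myGroups) {
  if (inc.opened_by === userId || inc.caller_id === userId ||
      inc.watch_list.indexOf(userId) > -1) return true;
  return myGroups.some((g) => inc.u_group_watch_list.indexOf(g) > -1);
}

// OR-conditions the out-of-the-box query rule applies for a non-itil user.
function ootbConditions(userId) {
  return [["caller_id", "=", userId], ["opened_by", "=", userId],
          ["watch_list", "CONTAINS", userId]];
}

// Same rule extended with one u_group_watch_list condition per group.
function withGroupConditions(userId, groups) {
  return ootbConditions(userId).concat(
    groups.map((g) => ["u_group_watch_list", "CONTAINS", g]));
}

// A row survives the query rule if any OR-condition matches it.
function matchesAny(inc, conditions) {
  return conditions.some(([field, op, value]) =>
    op === "=" ? inc[field] === value : inc[field].indexOf(value) > -1);
}

// A record is listed only if it passes the query rule AND the ACL.
function visibleNumbers(conditions, userId, myGroups) {
  return INCIDENTS.filter((inc) => matchesAny(inc, conditions))
    .filter((inc) => aclAllowsRead(inc, userId, myGroups))
    .map((inc) => inc.number);
}

// ACL updated, query rule unchanged: the group-watched incident stays hidden.
console.log(visibleNumbers(ootbConditions(USER), USER, [P1_GROUP]));
// Query rule and ACL both cover the group watch list.
console.log(visibleNumbers(withGroupConditions(USER, [P1_GROUP]), USER, [P1_GROUP]));
```

INC0000003 stays hidden in both runs because the user is not a member of the group on its group watch list.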