Add non-ITIL users to a group watch list so they can see incidents in a simple list on the portal

Sam31
Giga Contributor

Hi All,

I've created a simple list widget on the portal of my ServiceNow instance. The simple list is set to show any live priority 1 (critical) incidents. I need this list to be available for any non-ITIL users that are in a specified group. Since the watch list dictionary points to the sys_user table, I have created a new dictionary which points to the sys_group table. This is called u_group_watch_list.

I can now add groups to the group watch list but I need to configure a business rule(?) to allow users within a group that is in the group watch list to read an incident. 

I took some inspiration from this thread: https://community.servicenow.com/community?id=community_question&sys_id=b2378b29db1cdbc01dcaf3231f96...

I couldn't follow the thread to completion as they had other business rules and different configurations. 

Is anyone able to advise what I need to do next?

 

Thanks!

1 ACCEPTED SOLUTION

Sorry, my bad, the sys id in your or condition needs to be enclosed by the same sort of quotation marks! Change to this:

current.addOrCondition("u_group_watch_list", "CONTAINS", "sys_id of P1Notifications group");


7 REPLIES 7

Ian Mildon
Tera Guru

It is more likely that you need to create a "read" ACL on the appropriate table and add this group to the ACL. A Business Rule is not the best method for securing access to records.

Sam31
Giga Contributor

Hi Ian,

 

I found the OOTB ACL for reading incidents if you are the current caller, opened by user, on the watch list which was:

"if (current.opened_by == gs.getUserID() || current.caller_id == gs.getUserID() || current.watch_list.indexOf(gs.getUserID()) > -1) {"

 

I found on another question to disable this one and add it to the following:

 

"if (current.opened_by == gs.getUserID() || current.caller_id == gs.getUserID() || current.watch_list.indexOf(gs.getUserID()) > -1) {
    answer = true;
} else if (current.u_group_watch_list.toString().length > 0) {
    var myGroups = getMyGroups().toArray();
    for (var i = 0; i < myGroups.length; i++) {
        if (current.u_group_watch_list.toString().indexOf(myGroups[i]) > -1) {
            answer = true;
            break;
        }
    }
}"

 

I tried this but members of the group were unable to view the incidents on the simple list on the portal when on the "u_group_watch_list". 

 

Is there more I need to add/change for this to work?

 

Thanks

Sam31
Giga Contributor

I created two ACLs from this which are the below images. I didn't activate them together, only separately. 

[Two ACL screenshots; images not available]

 

Still doesn't allow access to the incidents on the simple list on the portal.

 

Anyone know what I'm missing here?

Thanks

You'll need to modify the incident query rule as well. Out of the box this restricts access to non-itil users to incidents on which they are the caller, that they opened or those on which they are on the watchlist. 

You'll need to add an if statement and add a condition if that statement is met, e.g.:

function restrictIncidents() {
    if (!gs.hasRole("itil") && gs.isInteractive()) {
        // PRB1314624: Do NOT restrict Incidents if SPM plugin is active AND user has the service_viewer role.
        if (GlidePluginManager.isActive('com.snc.spm') && gs.hasRole('service_viewer'))
            return;

        var u = gs.getUserID();
        var qc = current.addQuery("caller_id", u).addOrCondition("opened_by", u).addOrCondition("watch_list", "CONTAINS", u);

        // Members of P1Notifications also get incidents that have the group on the group watch list
        // (replace the placeholder string with the group's sys_id).
        if (gs.getUser().isMemberOf('P1Notifications')) {
            current.addOrCondition("u_group_watch_list", "CONTAINS", "sys_id of P1Notifications group");
        }

        gs.print("query restricted to user: " + u);
    }
}
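
The interaction this thread runs into, modelled in plain JavaScript as an added example (not code from any poster, and not ServiceNow API code): the before-query rule filters rows before the read ACL is evaluated, so an ACL that grants group-watch-list access shows nothing until the query rule also admits those rows. The ids, user objects and function names are constructed for illustration, and the query rule here checks every group the user belongs to rather than only P1Notifications.

```javascript
// Constructed sample data: the ids below are made-up placeholders, not real sys_ids.
const P1_GROUP = "grp_p1notifications";
const incidents = [
  { number: "INC0001", caller_id: "u_alice", opened_by: "u_alice", watch_list: "", u_group_watch_list: P1_GROUP },
  { number: "INC0002", caller_id: "u_bob", opened_by: "u_bob", watch_list: "u_carol", u_group_watch_list: "" },
  { number: "INC0003", caller_id: "u_alice", opened_by: "u_alice", watch_list: "", u_group_watch_list: "grp_other" },
];

// List fields hold comma-separated ids; split them so matching is exact, not substring.
const listHas = (field, id) => field.split(",").filter(Boolean).includes(id);

// The out-of-the-box conditions: caller, opener, or on the user watch list.
const isPersonallyLinked = (inc, user) =>
  inc.caller_id === user.id || inc.opened_by === user.id || listHas(inc.watch_list, user.id);

const inWatchedGroup = (inc, user) =>
  user.groups.some((g) => listHas(inc.u_group_watch_list, g));

// Model of the before-query rule: rows it drops never reach the ACL.
// groupAware = false is the unmodified rule, true is the rule with the extra OR condition.
function queryRule(rows, user, groupAware) {
  if (user.roles.includes("itil")) return rows;
  return rows.filter((inc) =>
    isPersonallyLinked(inc, user) || (groupAware && inWatchedGroup(inc, user)));
}

// Model of the scripted read ACL from the thread (the value it assigns to `answer`).
// Assumption: itil users are granted read by a separate role-based ACL.
function readAcl(inc, user) {
  if (user.roles.includes("itil")) return true;
  return isPersonallyLinked(inc, user) || inWatchedGroup(inc, user);
}

// What a portal list can show: query rule first, then the ACL on each remaining row.
function visibleIncidents(user, groupAware) {
  return queryRule(incidents, user, groupAware)
    .filter((inc) => readAcl(inc, user))
    .map((inc) => inc.number);
}

const dave = { id: "u_dave", roles: [], groups: [P1_GROUP] };  // non-ITIL group member
const carol = { id: "u_carol", roles: [], groups: [] };        // non-ITIL, on a user watch list

console.log("ACL only:", visibleIncidents(dave, false));
console.log("ACL + query rule:", visibleIncidents(dave, true));
```

Both layers have to agree: the query rule decides which rows are fetched, and the ACL still decides per record, so an incident watched by a different group stays hidden from the group member.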