Allow access for inactive users for payroll group

Sruthi17
Kilo Sage

Hi Experts,

 

We have a OOTB business rule "Query Users" that checks if the logged in user has admin or user admin role. If the logged in user does not have the roles, then restricts access to the inactive users by addinga query condition in the query business rule.
Now that I want to allow access to the payroll group, but because its not very correct to edit the business rule, can anyone suggest best solution to implement this?

Business Rule:
When : Before Query

Condition: gs.getSession().isInteractive() && !(gs.hasRole("admin") || gs.hasRole("user_admin"))
Script: 

current.addActiveQuery();
1 ACCEPTED SOLUTION

Robert H
Mega Sage

Hello @Sruthi17 ,

 

I've come across similar requirements a lot and found that there is no perfect solution. You basically have to choose between the following options:

 

1) Grant the user_admin role to the Payroll group. This will make them see the inactive users, but will also grant them other access that maybe they should not have.

 

2) Create a new role, e.g. "can_see_inactive_users", and grant it to the Payroll group. Then disable the OOTB Businesss Rule and create a copy that checks for this additional role as well.

 

Regards,

Robert

View solution in original post

2 REPLIES 2

Robert H
Mega Sage

Hello @Sruthi17 ,

 

I've come across similar requirements a lot and found that there is no perfect solution. You basically have to choose between the following options:

 

1) Grant the user_admin role to the Payroll group. This will make them see the inactive users, but will also grant them other access that maybe they should not have.

 

2) Create a new role, e.g. "can_see_inactive_users", and grant it to the Payroll group. Then disable the OOTB Businesss Rule and create a copy that checks for this additional role as well.

 

Regards,

Robert

Ankur Bawiskar
Tera Patron
Tera Patron

@Sruthi17 

Approach shared by @Robert H is the best possible way.

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader