Hi, I suspect there is some confusion as a query business rule is used to filter\exclude data from visibility and your code shows no  GlideRecord 'add' type methods and includes a setAbortAction() which I would not expect in a QBR.

Can you update this thread to clarify your requirements and intended use case?

Example QBR's from a PDI
/sys_script_list.do?sysparm_query=action_query%3Dtrue&sysparm_view=

HI @afroz8049 ,
I trust you are doing great.
Please find the below revised script for the same.

(function executeRule(current, previous /*null when async*/) {
    // Assuming this is a Business Rule on the sc_req_item table
    var currentUser = gs.getUser();
    var groupId = gs.getProperty('askhr.group.property'); // Ensure this property is correctly set
    var catalogItemId = gs.getProperty('askhr.catalog.item.property'); // Ensure this property is correctly set

    // Assuming 'cat_item' is the field that holds the catalog item reference
    var requestedCatalogItem = current.cat_item.toString();

    // Log for debugging
    gs.info("Current Catalog Item: " + requestedCatalogItem);
    gs.info("Requested For User: " + current.requested_for);
    gs.info("Configured Catalog Item: " + catalogItemId);

    // Check if the catalog item is Ask HR
    if (requestedCatalogItem === catalogItemId) {
        gs.info("Accessing Ask HR catalog item.");

        // Check if the current user is either the requested_for user or a member of the HR group
        if (current.requested_for == currentUser.getID() || currentUser.isMemberOf(groupId)) {
            gs.info("Permission granted to view the record.");
            // Logic to show the request and RITM could be handled here or via ACLs
        } else {
            // Logic to hide the request and RITM; might need to be handled via ACLs for effective enforcement
            gs.info("Permission denied to view the record.");
            // Note: setAbortAction and addErrorMessage are not typically used for visibility control in portal/backend
        }
    } else {
        gs.info("Not an Ask HR catalog item.");
    }
})(current, previous);

Use Case: Whenever an end user submits the Ask HR catalog item, the request and RITM should be visible on the portal level and backend to that user and HR group only, but when other ITIL users try to access those records from the backend, it should not be visible or accessible as it's confidential data.

Scenario 1: When an end user submits an ASK HR catalog item, the tickets like request and RITM should only be accessible by that end user on the service portal under my tickets. 

Scenario 2: When an ITIL user submits an ASK HR Catalog item, the tickets like requests and RITM should only be visible to that ITIL user and the HR group; no other ITIL users should have access to those tickets.

Query Business Rule: RITM Table

(function executeRule(current, previous /*null when async*/ ) {

var groupId = gs.getProperty('askhr.group.property');
var catalogItemId = gs.getProperty('askhr.catalog.item.property');

// Check if the catalog item is Ask HR
if (gs.getUserID() && gs.getSession().isInteractive()) {
current.addEncodedQuery("requested_for=" + gs.getUserID());
current.query();
} else if (!gs.getUser().isMemberOf(groupId) && gs.getSession().isInteractive()) {
current.addEncodedQuery("cat_item=" + catalogItemId);
current.addQuery("requested_for", "!=", gs.getUserID());
current.query();
} else {
return;
}

})(current, previous);