Business Rule Effected Admin

KantaSasaki · 3 weeks ago

We are attempting to integrate incidents using the API.
We created an API user and assigned the custom role "itsm_write_create_api_fjdx".

We created the following business rule because we do not want the API user to read the sys_user table, but we encountered an issue where the admin user also cannot reference the sys_user table.
Why is this happening?

【Business Rule】
Table : sys_user
●When to run
When : before
Order : 100
Query : true

●Advanced
Condition : gs.hasRole('itsm_write_create_api_fjdx')
Script :
(function executeRule(current, previous /*null when async*/) {
current.addEncodedQuery('sys_id=NULL');
})(current, previous);

Ankur Bawiskar · 3 weeks ago

@KantaSasaki

there is already OOTB query BR on sys_user table

Why did you create new one?

admin role inherits all role so your query BR will block the access

Add this in condition -> so that admin can see sys_user

Condition : gs.hasRole('itsm_write_create_api_fjdx') && !gs.hasRole('admin')

💡 If my response helped, please mark it as correct ✅ and close the thread 🔒— this helps future readers find the solution faster! 🙏

Regards,
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader

Ankur Bawiskar · 3 weeks ago

@KantaSasaki

Hope you are doing good.

Did my reply answer your question?

💡 If my response helped, please mark it as correct ✅ and close the thread 🔒— this helps future readers find the solution faster! 🙏

Regards,
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader