Can I have a Assignment Group have their request locked down away from all other assignment groups?

Andrew Meza · ‎04-17-2024

I am looking to create a HR group where they can handle employee investigations, and other sensitive information. However, I don't want other ITIL users (ex. service desk) to view these requests. I ideally, I want only HR staff and Admins to be able to look at these requests. All other group should get access denied. I am a beginner developer, so I am not a coding wizard. Any thoughts on how I should go about this?

AndersBGS · ‎04-17-2024

Hi @Andrew Meza ,

Look at the data filtration rule plugin from ServiceNow. This will mask the table records based on defined filtration rules.

If my answer has helped with your question, please mark my answer as accepted solution and give a thumb up.

Best regards

Anders

If my answer has helped with your question, please mark my answer as the accepted solution and give a thumbs up.

Best regards
Anders

Rising star 2024
MVP 2025
linkedIn: https://www.linkedin.com/in/andersskovbjerg/

View solution in original post

johnfeist · ‎04-17-2024

Hi Andrew,

I ran into the same situation quite a while back. The way that I handled it was by setting up a before query business rule on the incident table. In order to make the functionality more generalized, I also added a field, business, to the assignment group table. That business carries forward into the user record.

The before query rule looks at what business a user is in and will only display incidents that the user created or that are assigned to a group whose business is one that the user has. Admins get to see everything.

This can get a little complicated so please feel free to come back with questions.

Hope that helps.

:{)

Helpful and Correct tags are appreciated and help others to find information faster

Andrew Meza · ‎04-17-2024

Thank you for the response. Do you think this can be pulled off similar but for REQ, RITM, and scTask?

johnfeist · ‎04-17-2024

I'll give you a qualified yes. You probably don't need it for sc_request because all that will show you is that someone created a request. It doesn't show you what was requested. We don't assign requested items (sc_req_item) because fulfillment is controlled by a flow (workflow or flow designer) but for sc_task, you certainly can. What you might consider for sc_req_item is to add a field to your sc_cat_item where you identify, using my earlier example, the business associated to that item. WIth the business as part of the catalog item, you have options for doing the lookup and then the rest of the logic should work fine.