Child group member can able to see parent group assigned task

dhivyal94299399 · 2 hours ago

Check:

I Have parent group named called " NNC" and the child group named "WRN-ADC".

I am part of child group.

When i open the catalog task assigned to me, i can able to see the task assigned to the parent group also.

How to restrict this. How this functionality work.

Ankur Bawiskar · 2 hours ago

@dhivyal94299399

this is Out of the box feature

when a user is in a child group, they can see tasks assigned to that child group and all of its parent groups. This is controlled by the assignment group hierarchy and the default read ACLs for sc_task

Approach

-> use script based ACL on sc_task with Table.None READ ACL

-> in the roles section give snc_internal

// Allow admin and users with specific override roles
if (gs.hasRole('admin')) {
    return true;
}

// Check if user is a member of the task's assignment group
if (current.assignment_group && gs.getUser().isMemberOf(current.assignment_group)) {
    return true;
}

// Deny access (prevents seeing parent group tasks via hierarchy)
return false;

💡 If my response helped, please mark it as correct ✅ and close the thread 🔒— this helps future readers find the solution faster! 🙏

Regards,
Ankur
✨ Certified Technical Architect || ✨ 10x ServiceNow MVP || ✨ ServiceNow Community Leader

Tanushree Maiti · 32m ago

Hi @dhivyal94299399

Create Read ACL on SC_TASK table with advance script.

You will get sample code from this post: https://www.servicenow.com/community/developer-forum/parent-group-members-able-to-see-incidents-of-t...

Update the code as per your requirement.

Please Accept the solution if it assisted you with your question & Mark this response as Helpful.
Regards
Tanushree Maiti
ServiceNow Technical Architect
LinkedIn: https://www.linkedin.com/in/tanushreemaiti