Condition in ACL script - for only users of groups starting with 'AG' to have access to a CI

Vidv1
Kilo Contributor

Hi,

I have a requirement to restrict the access of the CIs of a particular CI Class - by only members of specific groups. I have already created ACLs for read, write and delete operations and used the condition:

answer= gs.getUser().isMemberOf('CMDB group');

This is working fine. But now I have a requirement to restrict access for users such that - only users who are a part of groups starting with 'AG' should have access. 

Is there a way to achieve it? Please help. Thanks in advance! 

1 ACCEPTED SOLUTION

Hello.. I have edited the script a little bit

answer = checkUser();

function checkUser() {
    // All groups whose name starts with 'AG'
    var groups = new GlideRecord('sys_user_group');
    groups.addQuery('name', 'STARTSWITH', 'AG');
    groups.query();
    while (groups.next()) {
        // Grant access as soon as the user is a member of one of them
        if (gs.getUser().isMemberOf(groups.getValue('name'))) {
            return true;
        }
    }
    return false;
}


3 REPLIES

Jagadeesh R1
Tera Expert

Hello,

Please try with the below code

answer = checkUser();

function checkUser() {
    // All groups whose name starts with 'AG'
    var groups = new GlideRecord('sys_user_group');
    groups.addQuery('name', 'STARTSWITH', 'AG');
    groups.query();
    while (groups.next()) {
        // Grant access as soon as the user is a member of one of them
        if (gs.getUser().isMemberOf(groups.getValue('name'))) {
            return true;
        }
    }
    return false;
}

Kindly check for the closing parenthesis and any errors. I had written in notepad

 

Regards,

jagadeesh

Ankur Bawiskar
Tera Patron

Hi,

So if the logged-in user is part of a group that starts with AG, then access is to be given.

The below code is optimized; it checks which groups the user belongs to, then queries only those groups, and if one of them starts with AG it returns true.

No need to query the entire table of groups.

answer = getValue();

function getValue() {
    // sys_ids of the groups the logged-in user belongs to
    var groupsArray = gs.getUser().getMyGroups();
    // Convert the Java list to a JavaScript array
    groupsArray = j2js(groupsArray);

    // Of those groups, keep only the ones whose name starts with 'AG'
    var gr = new GlideRecord('sys_user_group');
    gr.addQuery('sys_id', 'IN', groupsArray.toString());
    gr.addEncodedQuery('nameSTARTSWITHAG');
    gr.query();

    // Access is granted if at least one such group exists
    var rowCount = gr.getRowCount();
    return rowCount > 0;
}

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader
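
The two approaches in this thread, modelled in plain JavaScript so the access decision can be checked outside an instance (an added example, not code from any of the posters). The group rows, sys_ids and function names are constructed for illustration, and the Glide calls are replaced by in-memory lookups.

```javascript
// Constructed rows standing in for sys_user_group; not taken from the thread.
const GROUPS = [
  { sys_id: 'g1', name: 'AG Network' },
  { sys_id: 'g2', name: 'AG Database' },
  { sys_id: 'g3', name: 'AGENTS Helpdesk' }, // unrelated team, same two letters
  { sys_id: 'g4', name: 'CMDB group' },
  { sys_id: 'g5', name: 'Service Desk' },
];

// Note: String.startsWith is case-sensitive. How the platform's STARTSWITH
// operator treats case is not modelled here.

// Approach 1 (accepted solution): walk every group whose name starts with the
// prefix and test the user's membership in each one.
function scanAllGroups(userGroupIds, prefix) {
  const mine = new Set(userGroupIds);
  let checks = 0;
  for (const g of GROUPS) {
    if (!g.name.startsWith(prefix)) continue;
    checks++; // stands in for one isMemberOf() call per matching group
    if (mine.has(g.sys_id)) return { allowed: true, checks };
  }
  return { allowed: false, checks };
}

// Approach 2 (last reply): start from the user's own groups and keep only
// those whose name starts with the prefix.
function filterMyGroups(userGroupIds, prefix) {
  const mine = new Set(userGroupIds);
  const matched = GROUPS
    .filter(g => mine.has(g.sys_id) && g.name.startsWith(prefix))
    .map(g => g.name);
  return { allowed: matched.length > 0, matched };
}

// A user with no AG group is denied either way, but approach 1 needed one
// membership check per AG-prefixed group to reach that answer.
console.log(scanAllGroups(['g4', 'g5'], 'AG'));
console.log(filterMyGroups(['g4', 'g5'], 'AG'));
// The bare prefix also admits a member of 'AGENTS Helpdesk'.
console.log(filterMyGroups(['g3'], 'AG'));
console.log(filterMyGroups(['g3'], 'AG '));
```

With the bare prefix `AG`, a member of the constructed `AGENTS Helpdesk` group is allowed; a prefix that includes the naming delimiter (here `AG ` with a trailing space) excludes it.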