Configuration Item field on the incident form - filtered by Caller Company

rcm
Kilo Contributor

I'm trying to add the Configuration Item field on the incident form.

We have CIs (Business Services) with a company field assigned and populated.

The callers have the company field assigned and populated.

So I would like to allow the callers (through self service), when they log an incident, to be able to choose ONLY the CIs associated with their company.

The first step was to get the Configuration Item field on the Incident form, but when I tested it and tried to choose a CI it returned "No records to display".

However, when I took that page and copied the URL for the filter, pasted it into a new web page and hit return, it returned all CIs.

Any help on

(1) Issue where no records are returned and

(2) How to filter a list of CIs that the user can choose based on their company

Much appreciated.

1 ACCEPTED SOLUTION

Jamsta1912
Tera Guru

Hi Richard,



Another way to do this would be to create a Before Query Business Rule on the Configuration Item table.

The script would be:

    // Company sys_id of the logged-in user
    var comp = gs.getUser().getCompanyID();
    // Restrict every query on this table to CIs of that company
    current.addQuery('company', comp);

When to Run...

When: Before
Query: True

So this would restrict users from seeing any CIs other than those associated with their own company, anywhere in the system.

As it stands this would apply to ALL users, so you will probably want to also add a condition so that it does NOT apply to users with certain roles, especially admin and itil:

    !gs.hasRole('admin') && !gs.hasRole('itil')



Jamie.
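
The rule above can be exercised outside an instance. This is an added example, not code from the thread or from ServiceNow: `fakeGs`, `FakeQuery`, the sample CIs and the fail-closed branch for users with no company are assumptions made for illustration, and it runs under Node.js with constructed data.

```javascript
// Constructed sample rows standing in for the Configuration Item table.
const CIS = [
  { sys_id: 'ci1', name: 'Payroll', company: 'acme' },
  { sys_id: 'ci2', name: 'Webshop', company: 'globex' },
  { sys_id: 'ci3', name: 'Legacy FTP', company: '' }, // no company assigned
];

// Hypothetical stand-in for the rule's `current`: records addQuery() calls.
class FakeQuery {
  constructor() { this.conds = []; }
  addQuery(field, value) { this.conds.push([field, value]); }
  run() {
    return CIS.filter(ci => this.conds.every(([f, v]) => ci[f] === v))
              .map(ci => ci.name);
  }
}

// Hypothetical stand-in for `gs`, exposing only the calls used in the answer.
function fakeGs(company, roles) {
  return {
    getUser: () => ({ getCompanyID: () => company }),
    hasRole: role => roles.includes(role),
  };
}

// Rule body from the answer, with the role condition folded in.
function beforeQueryRule(current, gs) {
  if (gs.hasRole('admin') || gs.hasRole('itil')) return; // exempt roles
  const comp = gs.getUser().getCompanyID();
  if (!comp) {
    // Added assumption: fail closed. In this simulation, company == ''
    // would otherwise match the unassigned CI above.
    current.addQuery('sys_id', 'no-such-record');
    return;
  }
  current.addQuery('company', comp);
}

// Names of the CIs a user with this company and these roles can query.
function visibleCis(company, roles) {
  const q = new FakeQuery();
  beforeQueryRule(q, fakeGs(company, roles));
  return q.run();
}

console.log(visibleCis('acme', []));       // caller with a company
console.log(visibleCis('', []));           // caller with no company
console.log(visibleCis('acme', ['itil'])); // exempt role
```

Because the restriction is applied to the query itself, it holds for every list and reference lookup on the table, which a filter on a single form field does not.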



5 REPLIES

TrevorK
Kilo Sage

1) What is your item looking like? All logged in users (by default) have access to see the Configuration Items, so assuming your users are logging in first they should be able to see CIs when you point to cmdb_ci as your table (assuming you didn't set custom permissions on your classes of CIs, but because that would be done by you I assume you would know about that). Maybe provide a screenshot of your CI variable with the filtering and that - seeing nothing is usually a very simple problem to fix.

2) You usually filter out the values based on the Reference Qualifier (Reference Qualifiers - ServiceNow Wiki). Now, if the simple/dynamic Reference Qualifiers do not work (I have little experience with the Dynamic ones) you use the advanced ones. The advanced ones allow you to use an encoded query string, or, the far more powerful option of a Script Include. The Script Include allows you to pass in values and use values on the form itself to perform its logical function. Therefore, a script include could easily look at the company of a user and return a list of SYSIDs that they are allowed to see based on the company of the user.

For your reference, here is a very simple Script Include. It gives you an idea of the formatting and how it works (returning a string of SYSIDs).


    var getMyApps = Class.create();
    getMyApps.prototype = {
        initialize: function() {
        },

        // Returns an encoded query ('sys_idIN<id>,<id>,...') listing the
        // child CIs related to the given parent in cmdb_rel_ci
        getChildBusServList: function(BusServParent) {
            var ChildBusService = [];
            var qryBusServChild = new GlideRecord('cmdb_rel_ci');

            // If it is not empty, add the variable we pass in
            if (BusServParent != '') {
                qryBusServChild.addQuery('parent', BusServParent);
            }
            qryBusServChild.query();

            while (qryBusServChild.next()) {
                // Skip children whose install_status is 7
                if (qryBusServChild.child.install_status != 7) {
                    // toString() stores the sys_id value, not the GlideElement
                    ChildBusService.push(qryBusServChild.child.toString());
                }
            }
            return 'sys_idIN' + ChildBusService.join(',');
        },

        type: 'getMyApps'
    };



Again, this just gives you an example of how a Script Include can be used to return a list of SYSIDs to populate your list. In my example I give it a variable, but you can also use the current. to access what is on the form. My apologies - the formatting got somewhat lost in the copy/paste.



Any questions let me know!


rcm
Kilo Contributor

Trevor - thanks for the response.


I will look at point (2) later.



Point (1) - is more interesting.

If I create a new incident and do not populate any of the fields at all then I can choose any CI.

As soon as I populate the caller field with a name, which also populates company etc. (even my own), I see no CIs.


rcm
Kilo Contributor

Further testing has revealed:

Scenario 1: impersonate a user (without any role)

(1) Through ESS I can choose any CI - not just those associated with my company

(2) When I save the incident I can change the CI to anything else

Scenario 2: log on as me (admin)

Through the Servicedesk module / Incidents - the same incident for the user in scenario 1 - I can ONLY choose CIs with the same company as the user.

I cannot see any business rules or client scripts which act upon the configuration table at all.

