The CreatorCon Call for Content is officially open! Get started here.

Create a SNOW group where the members has access to the tickets assigned to the group

ark257
Mega Contributor

3 weeks ago

I want to create an assignment group in which the members can only see the tickets assigned to the group.

They shouldn't be able to see any other incidents or problems or tasks or changes in the instance.

Please provide me the ACL or business rules or both which will help me attain this

0 Helpfuls
  • 389 Views
6 REPLIES 6

GlideFather
Tera Patron
In response to ark257

3 weeks ago

Hi @ark257,

 

  • no need to create new role (unless you want/need to),
  • if you applied the ACL on Task (parent), there might be already different rules for child tables (INC, PRB, ...)
    • these must be reviewed, we don't have access to see them

There is not a single universal answer, for example you can assign a Group Type (e.g. group type called "Task viewer") and assign this Type to all groups that shall see the Records and eventually add a condition in that read ACL that it needs a group with that Type. Or you can do it based on the role - either existing one - or a new one...

 

If you use the existing role - example of ITIL - be careful as assigning ITIL by group membership is not the only way how to get the role, it can be granted by admin and so on...

 

So if you want to grant the access to specific groups you need to find the best suitable option matching your current existing stuff. Here you can search for advices or suggestions but we cannot give you 100 % correct solutions as we don't see the whole thing .(

———
/* If my response wasn’t a total disaster ↙️ drop a Kudos or Accept as Solution ↘️ Cheers! */


0 Helpfuls

ChallaR
Mega Guru

3 weeks ago

hi @ark257 .

You’ll need to create ACLs for:

  • incident
  • problem
  • change_request
  • sc_task (or other task tables)

For each table please create an ACL. -

// Only allow access if the user's group matches the assignment group
var userGroups = gs.getUser().getMyGroups();
if (current.assignment_group.nil()) {
// No assignment group, deny access
answer = false;
} else {
answer = userGroups.indexOf(current.assignment_group.sys_id.toString()) !== -1;
}

 

2. Restrict List Views (Optional but Recommended)

To prevent users from seeing records in list views:

  • Create List ACLs for the same tables.
  • Use the same script as above

else u can also try this - 

Restrict Related Lists (Optional)

If users can see related records (e.g., via parent-child relationships), apply ACLs to those tables too.

 

Another  option - Business Rule to Auto-Assign Group (if needed)

if (current.assignment_group.nil()) {
current.assignment_group = gs.getUser().getMyGroups()[0]; // Assign first group
}

 

NOTE /TIPS -

 

  • Make sure admin users are excluded from ACL testing (they bypass ACLs).
  • Use gs.getUser().getMyGroups() to get all groups the user belongs to.
  • Use current.assignment_group.sys_id to compare group IDs.

Please make it correct and close the thread if this helps.

 

Thanks,

Rithika.ch

 

0 Helpfuls