
Display Error message for sensitive groups

VALLUB
Tera Contributor

Hi Community,

We have a requirement to prevent users with "admin" or "user_admin" roles from manually provisioning certain sensitive groups. Only "security_admin" role users should be able to provision the groups.

For example, below are the 2 groups:

Group A

Group B

 

Expected Behavior:

  • If a user with "admin" or "user_admin" tries to manually assign any of the above roles/groups, the system should block the action and show a message like:
    “Only users with the 'security_admin' role can provision this role/group manually.”
    I wrote the below before insert/update business rule. It is preventing users from being added to those sensitive groups, but the error message is not displaying. Please advise.
  • For example, in the user record there is a Groups tab in the related list. When we click Edit and try to add a group, it needs to show the error message. The below script is working fine for preventing the action, but the error message is not displaying.
     
     
    (function executeRule(current, previous /*null when async*/ ) {

        // Add your code here
        // Define sensitive groups
        var sensitiveGroups = [
            'Group A',
            'Group B',
        ];
        // Get the name of the group being modified
        var groupName = current.group.getDisplayValue();
        // Check if the group is sensitive
        if (sensitiveGroups.indexOf(groupName) > -1) {
            // If user is not security_admin, block the action
            if (!gs.getUser().hasRole('security_admin')) {
                current.addErrorMessage("only security_admin can provision these roles manually");
                current.setAbortAction(true);
            }

        }

    })(current, previous);
 
 

 

0 REPLIES 0
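Added example, not part of the original post: the rule above calls `addErrorMessage` on `current`, whereas the server-side call that queues a message for the user's session is GlideSystem's `gs.addErrorMessage`. The sketch below keeps the post's group names and role check, routes the message through `gs`, and runs outside an instance against small constructed stand-ins for `current` and `gs`. The function names, the stubs and their exact-match `hasRole` are assumptions made for illustration; on an instance only the body of `enforceSensitiveGroupRule` would go into the before insert/update business rule on the group membership table (`sys_user_grmember`).

```javascript
// Names come from the post; the message is the wording the post asks for.
var SENSITIVE_GROUPS = ['Group A', 'Group B'];
var BLOCK_MESSAGE = "Only users with the 'security_admin' role can " +
    "provision this role/group manually.";

// Rule logic as a plain function (hypothetical name) so it can be exercised
// with stubs. Returns true when the insert/update was blocked.
function enforceSensitiveGroupRule(current, gs) {
    var groupName = current.group.getDisplayValue();
    if (SENSITIVE_GROUPS.indexOf(groupName) === -1) {
        return false; // not a sensitive group, nothing to enforce
    }
    if (gs.getUser().hasRole('security_admin')) {
        return false; // permitted role, allow the membership change
    }
    // Queue the message on the session (gs), then abort the database action.
    gs.addErrorMessage(BLOCK_MESSAGE);
    current.setAbortAction(true);
    return true;
}

// Constructed stand-ins for the platform objects (assumption: hasRole is an
// exact match here; the platform's own role evaluation may differ).
function makeStubs(groupName, roles) {
    var state = { aborted: false, messages: [] };
    var current = {
        group: { getDisplayValue: function () { return groupName; } },
        setAbortAction: function (flag) { state.aborted = flag; }
    };
    var gs = {
        getUser: function () {
            return { hasRole: function (r) { return roles.indexOf(r) > -1; } };
        },
        addErrorMessage: function (msg) { state.messages.push(msg); }
    };
    return { current: current, gs: gs, state: state };
}

// Runs the rule once and reports what the user and the database would see.
function simulate(groupName, roles) {
    var s = makeStubs(groupName, roles);
    var blocked = enforceSensitiveGroupRule(s.current, s.gs);
    return { blocked: blocked, aborted: s.state.aborted, messages: s.state.messages };
}
```

Matching on the group's display name follows the post; a rename of the group would silently take it out of scope, so comparing against the group records' sys_id values is the sturdier check.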