How can I hide an assignment group based on assignment group membership

heidiyablonski · ‎04-03-2017

Please bear with me, I'm a newbie and I have no idea where to even start of this.

I have a specific assignment group that is only used by one group and the group should only be visible to only members of that specific group. The members of the group do not want other ITIL users to be able to assign incidents or tasks to their assignment group.

Any guidance is greatly appreciated!

Thanks,

Heidi

edwajs · ‎04-03-2017

Hi Heidi,

Chuck's information was the correct suggestion for you.

If you only want to do this for one group when you are doing an incident assignment, you use a Reference Qualifier. You can add your group exclusion to the existing Simple Reference Qualifier on incident assignment by adding the condition: Sys ID is not <the sys_id of your group>. And this group will be filtered out from the reference list for the assignment group.

You stated your requirement is: "I have a specific assignment group that is only used by one group and the group should only be visible to only members of that specific group."

If you want to restrict all visibility of that assignment group to anyone except members of that assignment group, you can add a before-query business rule to the sys_user_group table. The script would look something like this:

if (!gs.hasRole("admin") && gs.getSession().isInteractive()) {

var groupMemberGR = new GlideRecord('sys_user_grmember');

groupMemberGR.addQuery('group','=','<sys_id of your group>');

groupMemberGR.addQuery('user','=',gs.getUserID());

groupMemberGR.query();

if (!groupMemberGR.next()) {

current.addQuery('sys_id','!=','<sys_id of your group>');

}

If you only do ACLs to restrict visibility to this record, you will get messages on list views of the table like: 1 row removed by security constaints.

View solution in original post

Chuck Tomasi · ‎04-03-2017

You will need to create a reference qualifier to determine if the group should be visible.

http://wiki.servicenow.com/index.php?title=Reference_Qualifiers#gsc.tab=0

Be sure to also look at Dictionary Overrides to ensure this same rule is not applied to all task tables accidentally.

Dictionary Overrides - ServiceNow Wiki

Take a look at the Community Quick Tip in episode 36: TechNow Episode List

Victor Ruiz · ‎04-03-2017

I implemented this and works like a charm: hiding groups

heidiyablonski · ‎04-03-2017

I need to just hide one specific assignment group on the incident form so the service desk cannot assign any incidents to it. I tried scripting a business rule like the one referenced in the wiki but it did not hide the assignment group from the list of assignment groups visible on the incident form where I can assign my incident to it.

I followed the instructions from the Wiki and added the new "hidden" field and added the following business rule but when I impersonate a service desk user (ITIL role), I can still see the group. I'm not sure what I'm doing wrong

Here's my script:

if (!gs.hasRole("admin") && !gs.hasRole("groups_admin") && gs.getSession().isInteractive()) {

var qc = current.addQuery("u_hidden", "!=", "true"); //cannot see hidden groups...

qc.addOrCondition("a7af39b0dbac3640b6b77749af961951", "javascript:getMyGroups()");

}

a7af39b0dbac3640b6b77749af961951 = the assignment group's sys_id.

Victor Ruiz · ‎04-03-2017

Remove the sys id you entered.....your last line should be qc.addOrCondition('sys_id', getMyGroups());