How can I hide an assignment group based on assignment group membership

Go to solution
heidiyablonski
Tera Contributor

‎04-03-2017 07:28 AM

Please bear with me, I'm a newbie and I have no idea where to even start of this.

 

I have a specific assignment group that is only used by one group and the group should only be visible to only members of that specific group. The members of the group do not want other ITIL users to be able to assign incidents or tasks to their assignment group.

 

Any guidance is greatly appreciated!

 

Thanks,

Heidi

Labels:
0 Helpfuls
  • 6,118 Views
1 ACCEPTED SOLUTION

Go to solution
edwajs
ServiceNow Employee
ServiceNow Employee
In response to heidiyablonski

‎04-03-2017 12:44 PM

Hi Heidi,



Chuck's information was the correct suggestion for you.  



If you only want to do this for one group when you are doing an incident assignment, you use a Reference Qualifier.   You can add your group exclusion to the existing Simple Reference Qualifier on incident assignment by adding the condition:   Sys ID is not <the sys_id of your group>.   And this group will be filtered out from the reference list for the assignment group.



You stated your requirement is:   "I have a specific assignment group that is only used by one group and the group should only be visible to only members of that specific group."



If you want to restrict all visibility of that assignment group to anyone except members of that assignment group, you can add a before-query business rule to the sys_user_group table.   The script would look something like this:



if (!gs.hasRole("admin") && gs.getSession().isInteractive()) {


  var groupMemberGR = new GlideRecord('sys_user_grmember');


  groupMemberGR.addQuery('group','=','<sys_id of your group>');


  groupMemberGR.addQuery('user','=',gs.getUserID());


  groupMemberGR.query();


  if (!groupMemberGR.next()) {


          current.addQuery('sys_id','!=','<sys_id of your group>');  


  }


}



If you only do ACLs to restrict visibility to this record, you will get messages on list views of the table like:   1 row removed by security constaints.


View solution in original post

0 Helpfuls
10 REPLIES 10

Go to solution
heidiyablonski
Tera Contributor
In response to Victor Ruiz

‎04-03-2017 11:51 AM

Now my script looks like this but it is still not working.



if (!gs.hasRole("admin") && !gs.hasRole("groups_admin") && gs.getSession().isInteractive()) {



var qc = current.addQuery("u_hidden", "!=", "true");



qc.addOrCondition('sys_id',gertMyGroups());



}



})(current, previous);




I'm not sure this is even what I need, I need to hide one specific assignment group from everyone that is not a member of the group, but only for 1 specific assignment group.


0 Helpfuls

Go to solution
heidiyablonski
Tera Contributor
In response to heidiyablonski

‎04-06-2017 08:41 AM

Thank you!   It works!


0 Helpfuls

Go to solution
edwajs
ServiceNow Employee
ServiceNow Employee
In response to heidiyablonski

‎04-03-2017 12:44 PM

Hi Heidi,



Chuck's information was the correct suggestion for you.  



If you only want to do this for one group when you are doing an incident assignment, you use a Reference Qualifier.   You can add your group exclusion to the existing Simple Reference Qualifier on incident assignment by adding the condition:   Sys ID is not <the sys_id of your group>.   And this group will be filtered out from the reference list for the assignment group.



You stated your requirement is:   "I have a specific assignment group that is only used by one group and the group should only be visible to only members of that specific group."



If you want to restrict all visibility of that assignment group to anyone except members of that assignment group, you can add a before-query business rule to the sys_user_group table.   The script would look something like this:



if (!gs.hasRole("admin") && gs.getSession().isInteractive()) {


  var groupMemberGR = new GlideRecord('sys_user_grmember');


  groupMemberGR.addQuery('group','=','<sys_id of your group>');


  groupMemberGR.addQuery('user','=',gs.getUserID());


  groupMemberGR.query();


  if (!groupMemberGR.next()) {


          current.addQuery('sys_id','!=','<sys_id of your group>');  


  }


}



If you only do ACLs to restrict visibility to this record, you will get messages on list views of the table like:   1 row removed by security constaints.


0 Helpfuls

Go to solution
heidiyablonski
Tera Contributor
In response to edwajs

‎04-07-2017 09:44 AM

Ugh. I thought I had it working but I was wrong.   I created a before business rule on the Group [sys_user_group] table. It is set to run on Insert and Update.



This is my code:


if (!gs.hasRole("admin") && gs.getSession().isInteractive()) {



  var groupMemberGR = new GlideRecord('sys_user_grmember');



  groupMemberGR.addQuery('group','=','a7af39b0dbac3640b6b77749af961951');



  groupMemberGR.addQuery('user','=',gs.getUserID());



  groupMemberGR.query();



  if (!groupMemberGR.next()) {



          current.addQuery('sys_id','!=','a7af39b0dbac3640b6b77749af961951');



  }



}





The script seems to just do nothing, When I impersonate a user who is not in the group I am attempting to hide, he is still able to see the assignment group on the incident form.



Can you see what I'm doing wrong?


0 Helpfuls

Go to solution
Kevin Ng
Tera Expert
In response to edwajs

‎09-24-2020 09:38 AM

This was very helpful. My question is, how would I modify this business rule to include multiple groups to groupMemberGR.addQuery('group','=','<sys_id of your group>');? For instance, if I wanted group1 and group2 to be able to view the hidden groups.

 

Thanks!

 

Kevin

0 Helpfuls