How can I hide an assignment group based on assignment group membership

Go to solution
heidiyablonski
Tera Contributor

‎04-03-2017 07:28 AM

Please bear with me, I'm a newbie and I have no idea where to even start of this.

 

I have a specific assignment group that is only used by one group and the group should only be visible to only members of that specific group. The members of the group do not want other ITIL users to be able to assign incidents or tasks to their assignment group.

 

Any guidance is greatly appreciated!

 

Thanks,

Heidi

Labels:
0 Helpfuls
  • 6,122 Views
1 ACCEPTED SOLUTION

Go to solution
edwajs
ServiceNow Employee
ServiceNow Employee
In response to heidiyablonski

‎04-03-2017 12:44 PM

Hi Heidi,



Chuck's information was the correct suggestion for you.  



If you only want to do this for one group when you are doing an incident assignment, you use a Reference Qualifier.   You can add your group exclusion to the existing Simple Reference Qualifier on incident assignment by adding the condition:   Sys ID is not <the sys_id of your group>.   And this group will be filtered out from the reference list for the assignment group.



You stated your requirement is:   "I have a specific assignment group that is only used by one group and the group should only be visible to only members of that specific group."



If you want to restrict all visibility of that assignment group to anyone except members of that assignment group, you can add a before-query business rule to the sys_user_group table.   The script would look something like this:



if (!gs.hasRole("admin") && gs.getSession().isInteractive()) {


  var groupMemberGR = new GlideRecord('sys_user_grmember');


  groupMemberGR.addQuery('group','=','<sys_id of your group>');


  groupMemberGR.addQuery('user','=',gs.getUserID());


  groupMemberGR.query();


  if (!groupMemberGR.next()) {


          current.addQuery('sys_id','!=','<sys_id of your group>');  


  }


}



If you only do ACLs to restrict visibility to this record, you will get messages on list views of the table like:   1 row removed by security constaints.


View solution in original post

0 Helpfuls
10 REPLIES 10

Go to solution
dravvyramlochun
ServiceNow Employee
ServiceNow Employee

‎04-03-2017 07:35 AM

Hello Heidi,



You can create an ACL that only specific users with specific roles are allowed to see the groups and you can script a bit for the condition that ITIL users cannot assign incidetns to this group. Or just create an ACL which says that ITIL users cannot read, delete, create anything with regards to this group.



http://wiki.servicenow.com/index.php?title=Using_Access_Control_Rules#gsc.tab=0


Create an ACL rule


Grant or deny access


https://docs.servicenow.com/bundle/istanbul-servicenow-platform/page/administer/contextual-security/...



Thanks,


Dravvy


Please Hit like, Helpful or Correct depending on the impact of the response