How can I make work notes visible only to members of a certain role when an Incident is in a certain assignment group?

Denton
Tera Contributor

In our environment, we have many non-IT users with ITIL roles. ServiceNow is being used for task assignment for the entire company and all this is run off the Incident table.

(Note: I know how bad this is. I inherited this and did not design it. This question isn't about fixing this, it's about working around it.)

There is a role in our organization simply called "IT." All actual IT users have this role.

What I'm trying to accomplish is to set up an ACL (or other solution) where if an Incident has the "IT Operations" assignment group, only users with the IT role can read or write to the work notes on that Incident. I do not want users with the ITIL role, sn_incident_read, or sn_incident_write roles to see work notes for this assignment group unless they also have the IT role. They should be able to view work notes in other assignment groups w/o impediment. 

This feels like it should be easy, but I haven't been able to work it out. It's also very possible I'm just a bad admin. Any help would be appreciated.


1 ACCEPTED SOLUTION

Denton
Tera Contributor

Ok, I figured out the problem. So apparently, going back to the initial description, yes, I'm a bad admin. 

There were separate ACLs for role sn_incident_write for read and write access.
I put a condition in there that said:
Assignment Group IS NOT IT Ops --OR--
Assignment Group IS NOT IT Staff.

The problem: I put an OR into a list of negative conditions (instead of an AND) so of course the whole thing always returned true. 

Rookie mistake though I've been doing this for a while now. Sorry to waste your time! 

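To make the accepted solution concrete, here is an added example (my own, not code from the thread or from ServiceNow) that models how several field-level ACLs on incident.work_notes combine: a user gets access if ANY applicable ACL passes, and a single ACL passes only if the user holds its role AND its condition is true for the record. The group and role names (IT Ops, IT Staff, IT, itil, sn_incident_read, sn_incident_write) are the ones used in the thread; the incidents and users are constructed sample data, and the evaluation model is simplified (no admin override, no row-level ACL).

```javascript
// Added example, not ServiceNow code: a model of ACL evaluation on
// incident.work_notes.  Names taken from the thread; data constructed.

const RESTRICTED_GROUPS = ['IT Ops', 'IT Staff'];

// The condition as first built: negative conditions joined with OR.
// For any single assignment group at most one inequality is false, so
// the OR is always true and the ACL grants access on every incident.
function buggyCondition(assignmentGroup) {
  return assignmentGroup !== 'IT Ops' || assignmentGroup !== 'IT Staff';
}

// The fix from the accepted solution: join the negatives with AND
// (the same as "Assignment group IS NOT ONE OF IT Ops, IT Staff").
function fixedCondition(assignmentGroup) {
  return RESTRICTED_GROUPS.every((g) => assignmentGroup !== g);
}

// Build the ACL set for incident.work_notes.  The ACLs for the general
// incident roles carry the group condition; the IT role ACL has none.
// The thread had separate read and write ACLs, so this shape would be
// created once per operation.
function buildWorkNotesAcls(condition) {
  return [
    { role: 'sn_incident_write', condition },
    { role: 'sn_incident_read', condition },
    { role: 'itil', condition },
    { role: 'IT', condition: () => true },
  ];
}

// Evaluate an ACL set for one user against one incident: any ACL whose
// role the user holds and whose condition is true grants access.
function canAccessWorkNotes(userRoles, incident, aclList) {
  return aclList.some(
    (acl) => userRoles.includes(acl.role) && acl.condition(incident.assignment_group)
  );
}

const BUGGY_ACLS = buildWorkNotesAcls(buggyCondition);
const FIXED_ACLS = buildWorkNotesAcls(fixedCondition);

// Constructed sample data: one restricted incident, one ordinary one.
const incidents = {
  itOps: { number: 'INC0000001', assignment_group: 'IT Ops' },
  facilities: { number: 'INC0000002', assignment_group: 'Facilities' },
};

// Constructed sample users: a non-IT agent, an IT engineer, a reader.
const users = {
  nonItAgent: ['itil', 'sn_incident_write'],
  itEngineer: ['itil', 'IT'],
  reader: ['sn_incident_read'],
};

// Run every user/incident pair through both ACL sets and return the
// results side by side, so the leak in the OR version is visible.
function compareAclSets() {
  const rows = [];
  for (const [userName, roles] of Object.entries(users)) {
    for (const [incName, inc] of Object.entries(incidents)) {
      rows.push({
        user: userName,
        incident: `${inc.number} (${incName})`,
        group: inc.assignment_group,
        buggy: canAccessWorkNotes(roles, inc, BUGGY_ACLS),
        fixed: canAccessWorkNotes(roles, inc, FIXED_ACLS),
      });
    }
  }
  return rows;
}

console.table(compareAclSets());
```

Running it shows the non-IT agent and the reader both getting work notes on the IT Ops incident under the OR version and being denied under the AND version, while the IT engineer and every user on the Facilities incident are unaffected. The general rule is De Morgan's: "not in a set of groups" is a conjunction of inequalities, and rewriting it as a disjunction makes the condition a tautology. Also note that a display business rule or onLoad client script only changes what the form renders; list views, reports and the API still return the field, so the ACL is the only enforcement point.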

8 REPLIES

@Ankur Bawiskar I have a similar requirement on another table where I need to make the activity (work notes) visible only to particular members of a group, and I am trying to achieve it with an ACL, but it's not working.


I also tried writing a display business rule along with an onLoad client script, but users without the mentioned role can still see the activities (see the screenshot I attached to the record).


Denton
Tera Contributor

Strangely enough, I set up the ACLs the same way I did the first time with no luck (yesterday) and now it appears to be working as I intended. It may have been a cache issue?

@Denton 

No worries. Every day is a new learning.

Please close the question by marking appropriate response as correct and helpful.

Regards,
Ankur
✨ Certified Technical Architect  ||  ✨ 9x ServiceNow MVP  ||  ✨ ServiceNow Community Leader