How can I restrict access to incidents assigned to group XYZ to its group members only

Sowmya20
Tera Contributor

Hi,

 

I have a requirement: if the incident assignment group is "XYZ" and the Security checkbox is true, then the incident ticket should be visible only to members of that assignment group. Other teams should not have access to view these tickets.

 

Thanks in advance.

 


The requirement is that when a user (not in the XYZ group) tries to open the security incident, they should get "record not found" or "does not have access to the ticket".

Hello @Sowmya20 ,

 

In the query BR, remove the conditions you added under "When to run" and add that condition in the script instead.

 

(function executeRule(current, previous /*null when async*/ ) {
	// Query business rule on incident ("before query"): narrows every query the
	// current user runs against the table. Replace the sys_id below with the sys_id
	// of group XYZ and the placeholder with the backend name of your security field.
	var xyzGroup = '811b20e21b72e700755b8480cd4bcb4a'; // Add your sysID of group
	if (gs.getUser().isMemberOf(xyzGroup)) {
		gs.info('In if'); // debug logging; remove once the rule is verified
		// Group members: only XYZ incidents with the security flag set
		current.addEncodedQuery('assignment_group=' + xyzGroup + '^(add your security rule field backend name)=true');
	} else {
		gs.info('in else'); // debug logging; remove once the rule is verified
		// Everyone else: only incidents outside XYZ without the security flag
		current.addEncodedQuery('assignment_group!=' + xyzGroup + '^(add your security rule field backend name)=false');
	}
})(current, previous);

 

Please mark my solution as accepted and give me a thumbs up if you find it helpful.

 

Regards,

Vaishnavi Shinde

Ankur Bawiskar
Tera Patron

@Sowmya20 

For this requirement you will have to do these two things:

1) Create a new table-level READ ACL for your condition of group membership and checkbox.

2) Update the existing OOB query BR on the incident table.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader

Hi Ankur,

Thank you for the reply.

1) Please find the below ACL:

Name: incident -None-

Condition:

Assignment group is "XYZ" and Security is true

Script:

// Record-level READ ACL script. The ACL condition above already limits this rule
// to incidents assigned to XYZ with Security = true, so the script only has to
// check group membership.
answer = gs.getUser().isMemberOf('811b20e21b72e700755b8480cd4bcb4a'); // sys_id of group XYZ

 

2) Could you please provide sample code for what needs to be added in the business rule?

@Sowmya20 

Try this:

// Query business rule on incident (before query). This is the OOB incident query
// rule with the XYZ group block added; the role and plugin checks are the OOB logic.
restrictIncidents();
function restrictIncidents() {
	// Only interactive users without the itil / sn_incident_read roles are restricted
	if (!gs.hasRole("itil") && !gs.hasRole("sn_incident_read") && gs.isInteractive()) {
		//Do NOT restrict Incidents if SPM premium plugin is active AND user has the service_viewer role.
		if (GlidePluginManager.isActive('com.snc.spm') && gs.hasRole('service_viewer'))
			return;
		if (GlidePluginManager.isActive('sn_fsm_itsm_mng') && gs.hasRole('wm_ext_agent'))
			return;
		// STRY52118544: ham_user is added to support incident read for reporting on HAM store app
		if (GlidePluginManager.isActive('com.sn_hamp') && gs.hasRole('sn_hamp.ham_user')) {
			return;
		}
		// DEF0330091: Allow query on OT Incident with sn_ot_incident_read role
		if (GlidePluginManager.isActive('com.sn_ot_inc_mgmt') && gs.hasRole("sn_ot_incident_read"))
			return;

		if (gs.getUser().isMemberOf('811b20e21b72e700755b8480cd4bcb4a')) { // sys_id of group XYZ
			// if user is member of this group then only show records where u_security is TRUE
			current.addQuery('u_security', true);

			// if you want the group members to see based on callerID, opened and watch list then add conditions similar to below
		} else {
			// everyone else: only incidents they raised, opened or are on the watch list of
			var u = gs.getUserID();
			current.addQuery("caller_id", u).addOrCondition("opened_by", u).addOrCondition("watch_list", "CONTAINS", u);
		}
	}
}

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader
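The two-layer design in the replies above (a record-level READ ACL as the enforcement point, plus a query business rule that narrows lists) is modelled below in plain Node.js so the interaction can be tested offline. This is an added example, not code from this thread and not ServiceNow platform code: gs and GlideRecord are replaced by plain objects, the group sys_id is the one used in the thread, and the field name u_security, the users and the incidents are constructed. It shows two things a practitioner should check before going live. First, ACLs that match a record at the same level are evaluated with OR semantics, so adding the membership ACL alone leaves the shipped itil READ grant in place and other teams can still open the record; the OOB grant has to be narrowed as well. Second, the query business rule shown above only runs when gs.isInteractive() is true, so a Table API call or scheduled job skips it entirely; it removes rows from lists (and avoids the "rows removed by security constraints" notice) but cannot be the only control.

```javascript
'use strict';
// Added example, not code from this thread or from the ServiceNow platform: a
// plain Node.js model of a record-level READ ACL plus a query business rule.
// gs/GlideRecord are replaced by plain objects. The group sys_id, the field
// name u_security and the users/incidents below are constructed assumptions.

const XYZ_GROUP = '811b20e21b72e700755b8480cd4bcb4a'; // assumed sys_id of group XYZ

const isMemberOf = (user, group) => user.groups.includes(group);
const hasRole = (user, role) => user.roles.includes(role);
// The records the requirement fences off: assigned to XYZ and flagged as security.
const isRestricted = (rec) => rec.assignment_group === XYZ_GROUP && rec.u_security === true;

// ---- Layer 1: READ ACLs (the enforcement point) ------------------------------
// Each ACL = { matches(rec): the ACL condition, passes(user): the role/script check }.
// ACLs matching a record at the same level are evaluated with OR semantics: the
// user only needs to pass one. A new ACL therefore adds a grant; the OOB grant
// must be narrowed too or it keeps allowing the read.
const oobItilReadAcl = {
  name: 'incident READ for itil (as shipped)',
  matches: () => true,
  passes: (user) => hasRole(user, 'itil'),
};
const tightenedItilReadAcl = {
  name: 'incident READ for itil, excluding XYZ security incidents',
  matches: (rec) => !isRestricted(rec),
  passes: (user) => hasRole(user, 'itil'),
};
const xyzSecurityReadAcl = {
  name: 'incident READ for XYZ security incidents (group members only)',
  matches: isRestricted,
  passes: (user) => isMemberOf(user, XYZ_GROUP),
};

function canRead(acls, user, rec) {
  return acls.filter((acl) => acl.matches(rec)).some((acl) => acl.passes(user));
}

// ---- Layer 2: query business rule (a filter, not the enforcement point) -------
// Reduced to the membership check. It keeps the gs.isInteractive() guard of the
// OOB rule: non-interactive sessions (REST API, scheduled jobs) skip it entirely,
// which is why it cannot be the only control.
function applyQueryBr(user, records, interactive) {
  if (!interactive || isMemberOf(user, XYZ_GROUP)) return records;
  return records.filter((rec) => !isRestricted(rec));
}

// ---- Constructed sample data ---------------------------------------------------
const incidents = [
  { number: 'INC0010001', assignment_group: XYZ_GROUP, u_security: true },
  { number: 'INC0010002', assignment_group: XYZ_GROUP, u_security: false },
  { number: 'INC0010003', assignment_group: 'other-group-sys-id', u_security: false },
];
const xyzMember = { sys_id: 'u1', roles: ['itil'], groups: [XYZ_GROUP] };
const otherItil = { sys_id: 'u2', roles: ['itil'], groups: ['other-group-sys-id'] };

// Incident numbers a user gets back from a list: query BR first, then the
// platform's per-row ACL check on whatever the query returned.
function visibleNumbers(user, acls, interactive = true) {
  return applyQueryBr(user, incidents, interactive)
    .filter((rec) => canRead(acls, user, rec))
    .map((rec) => rec.number);
}

// One record fetched by number over a non-interactive channel (e.g. the Table
// API): the query BR passes everything through, so only the ACLs are left.
function directReadAllowed(user, number, acls) {
  const hit = applyQueryBr(user, incidents.filter((r) => r.number === number), false);
  return hit.some((rec) => canRead(acls, user, rec));
}

const aclsAddedOnly = [oobItilReadAcl, xyzSecurityReadAcl];       // step 1 only
const aclsTightened = [tightenedItilReadAcl, xyzSecurityReadAcl]; // OOB ACL narrowed too

for (const [label, acls] of [['new ACL only', aclsAddedOnly], ['OOB ACL tightened', aclsTightened]]) {
  console.log(label + ': other team sees in list ' + JSON.stringify(visibleNumbers(otherItil, acls))
    + ', reads INC0010001 via API: ' + directReadAllowed(otherItil, 'INC0010001', acls));
}
```

Run it with node and compare the two lines: with the new ACL only, the list looks correct for the other team (the query BR hid the row), but the direct API read of INC0010001 still succeeds because the shipped itil ACL passes. Only the tightened set denies it while keeping the XYZ member's access intact.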