How to hide records using ACLs

Sironi
Kilo Sage

Hi All,

Could you please help me with ACLs?

Hide "Leaders" group incident records if the logged-in user is not a member; all the rest of the incidents should be visible as normal.

"Leaders" group members should see all incidents without restrictions.

1 ACCEPTED SOLUTION

Try below

var information_security = gs.getProperty('security_inc_assignment_group_UITSIS'); // sys_id of "UITS Information Security" group
var iso_Leaders = gs.getProperty('security_inc_assignment_group_UITSIL'); // sys_id of "UITS ISO Leadership" group

if (gs.getUser().isMemberOf(information_security) || gs.getUser().isMemberOf(iso_Leaders)) {
    // Members of either security group can read every incident.
    //gs.addInfoMessage(gs.getMessage("Logged in user id is a Member in Security Groups"));
    answer = true;
} else if (gs.getUserID() == current.caller_id) {
    // getUserID is a method and must be called; the caller can read their own incident.
    answer = true;
} else {
    // gs.addInfoMessage(gs.getMessage("Logged in user id not Member in Security Groups"));
    // Non-members are denied only the incidents assigned to one of the security groups.
    if ((current.assignment_group == information_security || current.assignment_group == iso_Leaders) && current.caller_id != gs.getUserID()) {
        answer = false;
    } else {
        answer = true;
    }
}


18 REPLIES

This is taken from that thread.

Try this thread: https://community.servicenow.com/community?id=community_question&sys_id=3c56e03fdb19f300190dfb2439961925

 

or this one: 

https://community.servicenow.com/community?id=community_question&sys_id=2b3b1810dbb1f3400be6a345ca9619b7

Hi Tony,

 

With ACLs: I tried Read ACLs with the below script on the Incident table.

Total INCs: 200+

Non-security-group users: Security group INCs are hidden from non-group members successfully, and all records are shown except the security group incidents.

Security group: Security group members don't have any restrictions; they must see all (200+) incidents in the system. Now, as per the ACL, security group members are able to see all security group INCs successfully, but unfortunately it is hiding INC records with an empty assignment_group and some other assignment_group records. Actually, security group users must see the 200+ INCs; these group members don't have any restrictions.

if (!(gs.getUser().isMemberOf('11a5a0a407123010b9aaf03c7c1ed0d8') || gs.getUser().isMemberOf('7c452c2407123010b9aaf03c7c1ed0b7'))) {
    // User is in neither security group.
    gs.addInfoMessage(gs.getMessage("Logged in user id not Member in Security Groups"));
    if (current.assignment_group == '7c452c2407123010b9aaf03c7c1ed0b7' || current.assignment_group == '11a5a0a407123010b9aaf03c7c1ed0d8') {
        answer = false;
    } else {
        answer = true;
    }
} else {
    // User is in at least one security group.
    gs.addInfoMessage(gs.getMessage("Logged in user id is a Member in Security Groups"));
    answer = true;
}

 

Try below

if (gs.getUser().isMemberOf('11a5a0a407123010b9aaf03c7c1ed0d8') || gs.getUser().isMemberOf('7c452c2407123010b9aaf03c7c1ed0b7')) {
    // User is in at least one security group.
    gs.addInfoMessage(gs.getMessage("Logged in user id is a Member in Security Groups"));
    answer = true;
} else {
    // User is in neither security group.
    gs.addInfoMessage(gs.getMessage("Logged in user id not Member in Security Groups"));
    if (current.assignment_group == '7c452c2407123010b9aaf03c7c1ed0b7' || current.assignment_group == '11a5a0a407123010b9aaf03c7c1ed0d8') {
        answer = false;
    } else {
        answer = true;
    }
}
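The script in the reply above can be checked offline by evaluating its text against stubs of `gs` and `current`, including the empty assignment_group case raised earlier in the thread. This is an added example, not code from the thread; `stubGs`, `evalAcl`, `visibleTo` and the sample records are hypothetical names constructed for it, and it exercises this one script only, not the other ACLs on an instance.

```javascript
// Added example: run the reply's ACL script text against stubbed `gs` and `current`.
// The stubs are hypothetical stand-ins, not ServiceNow APIs.
const SEC_A = '11a5a0a407123010b9aaf03c7c1ed0d8'; // group sys_ids quoted in the thread
const SEC_B = '7c452c2407123010b9aaf03c7c1ed0b7';

// Script body as posted in the reply (info messages omitted).
const ACL_SCRIPT = `
if (gs.getUser().isMemberOf('${SEC_A}') || gs.getUser().isMemberOf('${SEC_B}')) {
    answer = true;
} else {
    if (current.assignment_group == '${SEC_B}' || current.assignment_group == '${SEC_A}') {
        answer = false;
    } else {
        answer = true;
    }
}`;

// Minimal stub of the parts of `gs` that the script touches.
function stubGs(userGroups) {
    return { getUser: () => ({ isMemberOf: (g) => userGroups.includes(g) }) };
}

// Evaluate the script for one user/record pair and return the resulting `answer`.
function evalAcl(userGroups, record) {
    const run = new Function('gs', 'current', 'var answer;' + ACL_SCRIPT + '\nreturn answer;');
    return run(stubGs(userGroups), record);
}

// Constructed sample records: restricted group, another group, and no group at all.
const RECORDS = [
    { number: 'INC-A', assignment_group: SEC_A },
    { number: 'INC-B', assignment_group: 'constructed-other-group' },
    { number: 'INC-C', assignment_group: '' },
];

// Numbers of the records the script would let this user read.
function visibleTo(userGroups) {
    return RECORDS.filter((r) => evalAcl(userGroups, r) === true).map((r) => r.number);
}

console.log('member    :', visibleTo([SEC_B]).join(','));
console.log('non-member:', visibleTo([]).join(','));
```

For a member the script returns true for every record, including the one with an empty assignment_group; for a non-member it returns false only for records assigned to one of the two security groups.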

Hi Upender,

Thanks for your reply; I have applied your script under a READ ACL.

Challenges: I have created a NEW READ ACL using your script, but it is not working unless I deactivate the existing OOB Read ACLs.

The snc_internal role is automatically added to the ACL. I have removed it multiple times, but it is added again automatically.

I thought that this role was reproducing the issue, so I have deactivated this role property "glide.security.use_explicit_roles" and updated the ACL.

Now the script is working fine and giving the expected result.

Can you help me: is it the right method to deactivate "glide.security.use_explicit_roles" to execute this ACL? Deactivating this property may cause issues somewhere, right?

In case it shows any issues, then kindly help me with a Query BR on the TASK table to restrict Security group INC records at the Task table, without impact on other table records and other group INC records.

Only hide Security group INCs from TASK.

Hi Upender,

Can we expect any updates, please?