Join the #BuildWithBuildAgent Challenge! Get recognized, earn exclusive swag, and inspire the ServiceNow Community with what you can build using Build Agent.  Join the Challenge.

How to implement granular delegation to ITSM (e.g. Request Management) ACL Rules

Sven Lieback
Tera Contributor

‎07-18-2022 11:36 PM

Greetings,

did anyone implemented the granular delegation (part of HRSD / additional plugin) for ITSM? It's really simple to define the delegation tables and delegation rules but I'm struggling with the ACL Rules. So e.g. for Request Management. If I order something and the department head has to approve. If a granular delegation is active and the approval is delegated to another department head, he (the delegate) is not able to open the ritm. I tried to implement/copy the "isAssignedOrDelegated" function of hr_delegation script include but I failed. Any ideas?

Many thanks, Sven

0 Helpfuls
  • 2,324 Views
5 REPLIES 5

Sven Lieback
Tera Contributor
In response to Christian Prob2

‎06-09-2023 03:39 AM

Hi @Christian Prob2 ,

 

I wrote an own delegationUtil script include with necessary functions. One of them I used for ACLs. 

 

My read Access control rule for ritm: 

if (new itsm_DelegationUtil().hasDelegatedApproval(current))
	answer = true;

Initialization of delegation Util:

var itsm_DelegationUtil = Class.create();
itsm_DelegationUtil.prototype = {
    initialize: function() {
		// BEGIN COPY FROM HR DELEGATION
		this.DELEGATION_PLUGIN_ACTIVE = GlidePluginManager().isActive('com.glide.granular_service_delegation');
		var maxRecordsReturned = gs.getProperty('sn_hr_core.delegation.max_records_returned_limit.override', '');
		maxRecordsReturned = maxRecordsReturned && !isNaN(Number(maxRecordsReturned)) ? Number(maxRecordsReturned) : '';
		this.MAX_DELEGATE_RECORD_RETURN = maxRecordsReturned;
		// END COPY FROM HR DELEGATION
    },
/* MY FUNCTIONS
...
*/
    type: 'itsm_DelegationUtil'
};

The hasDelegatedApproval function:

//checks if the record has an active delegated approval to the current user
	hasDelegatedApproval: function(record, userId) {
		if (!record || !record.isValid())
			return false;

		if (!userId)
			userId = gs.getUserID();
		
		
		var targetTable = record.getTableName();
		var documentId = record.sys_id;
				
		// GET ALL APPROVALS FOR USER
		var approvalGr = new sn_delegation.DelegationUtil().getDelegatedApprovalsForUser(userId, true);
		var hasApproval = false;
		while (approvalGr.next()){
			// CHECK FOR DELEGATION (maybe optional)
			if (approvalGr.document_id==documentId && approvalGr.source_table==targetTable){
				hasApproval = true;
			}
			if (hasApproval) {
				return new sn_delegation.DelegationUtil().isRecordDelegatedToUser(userId, approvalGr);
			}
		}
		return false;
	},

 

Hope that helps 😉

Sven