How to restrict a specific group's incidents to only its group members, customer and watchlist

Andrew Kimani
Tera Contributor

I want to restrict incidents assigned to a particular assignment group with this article: https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0790987
See the code below.

Steps to Perform

  1. Create a Before-Query Business rule on 'Incident' table
  2. In the Advanced tab, set the condition as:
    !gs.getUser().isMemberOf('<group name to be restricted for other users>')
  3. In the script field, update sys_id of the group to be restricted

(function executeRule(current, previous /*null when async*/ ) {
    // Keep incidents with no assignment group, or assigned to any group other than the restricted one
    var grp = current.addNullQuery('assignment_group').addOrCondition('assignment_group', '!=', '<sys_id of the group to be restricted for other users>');
})(current, previous);

But now the caller cannot view their ticket, and I would like to add people on the watchlist to be able to view their incidents.
Please assist.

2 REPLIES

Andrew Kimani
Tera Contributor

@Ankur Bawiskar do you have an idea on this?

 

amaradiswamy
Kilo Sage

Hi @Andrew Kimani 

 

You need to change the conditions to allow caller and watch list members.

You may try with the below:

restrictIncidents();
function restrictIncidents() {
	if (!gs.hasRole("itil") && !gs.hasRole("sn_incident_read") && gs.isInteractive()) {
		//Do NOT restrict Incidents if SPM premium plugin is active AND user has the service_viewer role.
		if (GlidePluginManager.isActive('com.snc.spm') && gs.hasRole('service_viewer'))
			return;
		if (GlidePluginManager.isActive('sn_fsm_itsm_mng') && gs.hasRole('wm_ext_agent'))
			return;
		// STRY52118544: ham_user is added to support incident read for reporting on HAM store app
		if (GlidePluginManager.isActive('com.sn_hamp') && gs.hasRole('sn_hamp.ham_user')) {
			return;
		}
		// DEF0330091: Allow query on OT Incident with sn_ot_incident_read role
		if (GlidePluginManager.isActive('com.sn_ot_inc_mgmt') && gs.hasRole("sn_ot_incident_read"))
			return;

		// Responders should be able to access all incidents 
		if (gs.hasRole("sn_sow_srm.srm_responder")) {
			return;
		}
			
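		var u = gs.getUserID();
		if (!gs.getUser().isMemberOf('<group name to be restricted for other users>')) {
			// Not a member of the restricted group: own incidents (caller, opener or watch list)
			current.addQuery("caller_id", u).addOrCondition("opened_by", u).addOrCondition("watch_list", "CONTAINS", u);
			// groupname is a placeholder for the restricted group's name
			current.addEncodedQuery('assignment_group.name!=groupname');
		} else {
			// Member of the restricted group: own incidents (caller, opener or watch list)
			current.addQuery("caller_id", u).addOrCondition("opened_by", u).addOrCondition("watch_list", "CONTAINS", u);
		}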
	}
}
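
Added example, not taken from either post or from the KB article: the visibility rule the question asks for (restricted group's incidents visible only to members, the caller and watch list users), modelled in plain JavaScript so it runs outside ServiceNow. All sys_ids, users and incidents are constructed placeholders; on an instance the generated string would be passed to current.addEncodedQuery() in the before-query rule that runs under the isMemberOf condition from the steps above.

```javascript
// Added example: the visibility rule modelled in plain JavaScript (no Glide APIs).
// Every sys_id, user and incident below is a constructed placeholder.
const RESTRICTED_GROUP = 'grp_restricted';

// Encoded query for a user who is NOT a member of the restricted group.
// A single OR chain: unassigned, another group, user is caller, or user is on the watch list.
function buildNonMemberQuery(groupId, userId) {
  return [
    'assignment_groupISEMPTY',
    'ORassignment_group!=' + groupId,
    'ORcaller_id=' + userId,
    'ORwatch_listLIKE' + userId
  ].join('^');
}

// The same rule as a predicate, so it can be checked against sample rows.
// watch_list is modelled as a comma-separated string of user sys_ids.
function canSee(incident, user, groupId) {
  if (user.groups.includes(groupId)) return true; // members get no extra filter
  const watchers = (incident.watch_list || '').split(',').filter(Boolean);
  return !incident.assignment_group ||
    incident.assignment_group !== groupId ||
    incident.caller_id === user.id ||
    watchers.includes(user.id);
}

const incidents = [
  { number: 'INC001', assignment_group: 'grp_restricted', caller_id: 'u_alice', watch_list: '' },
  { number: 'INC002', assignment_group: 'grp_restricted', caller_id: 'u_bob', watch_list: 'u_carol,u_alice' },
  { number: 'INC003', assignment_group: 'grp_restricted', caller_id: 'u_bob', watch_list: '' },
  { number: 'INC004', assignment_group: 'grp_other', caller_id: 'u_bob', watch_list: '' },
  { number: 'INC005', assignment_group: '', caller_id: 'u_bob', watch_list: '' }
];
const alice = { id: 'u_alice', groups: [] };                 // caller / watcher, not a member
const dave = { id: 'u_dave', groups: ['grp_restricted'] };   // member of the restricted group
const erin = { id: 'u_erin', groups: ['grp_other'] };        // unrelated user

function visibleNumbers(user) {
  return incidents.filter(i => canSee(i, user, RESTRICTED_GROUP)).map(i => i.number);
}

console.log(buildNonMemberQuery(RESTRICTED_GROUP, alice.id));
for (const u of [alice, dave, erin]) console.log(u.id, visibleNumbers(u).join(','));
```

Keeping all four conditions in one OR chain is what lets the caller and watch list users through; adding the caller condition as a separate AND clause would hide every incident the user did not raise.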