Limit and ITIL users access to various modules

jabest13
Tera Expert

We have a need for a non-IT user to have access to RITMs, Incidents and Change tickets (read & create) for only a particular group.  I did use a script that was posted to create a business rule on incident and that works for incident.  We do not want them in to modify the CMDB.  How do we prevent access to the CMDB? 

 

The business rule reads...

 

(function executeRule(current, previous /*null when async*/ ) {

// Add your code here
if (gs.getSession().isInteractive()) {
//Restrict to caller, watchlist, or members of assigned group...
var u = gs.getUserID(); //Get the sys_id value of the current user
var g = getMyGroups(); //Get the list of the current user groups
var q = current.addQuery('caller_id', u).addOrCondition('assignment_group', g).addOrCondition('watch_list', u); //Modify the current query on the incident table
}
})(current, previous);

1 ACCEPTED SOLUTION

We had to create business rules for Incident and RITMs....  The first reply was closest to what we need.

 

(function executeRule(current, previous /*null when async*/ ) {

// Add your code here

if (gs.getSession().isInteractive()) {
//Restrict to caller, watchlist, or members of assigned group...
var u = gs.getUserID(); //Get the sys_id value of the current user
var g = getMyGroups(); //Get the list of the current user groups
var q = current.addQuery('caller_id', u).addOrCondition('assignment_group', g).addOrCondition('watch_list', u); //Modify the current query on the incident table
}

})(current, previous);

View solution in original post

7 REPLIES 7

We had to create business rules for Incident and RITMs....  The first reply was closest to what we need.

 

(function executeRule(current, previous /*null when async*/ ) {

// Add your code here

if (gs.getSession().isInteractive()) {
//Restrict to caller, watchlist, or members of assigned group...
var u = gs.getUserID(); //Get the sys_id value of the current user
var g = getMyGroups(); //Get the list of the current user groups
var q = current.addQuery('caller_id', u).addOrCondition('assignment_group', g).addOrCondition('watch_list', u); //Modify the current query on the incident table
}

})(current, previous);

Aman Kumar S
Kilo Patron

Hi @jabest13 ,

I believe what you are trying to achieve here is to filter the CMDB records for a certain set of users, who are in anyway associated with the record.

Again, showing records which are supposed to be seen by you and restricting access to be able modify the CMDB, are two different things. 

In this Before Query BR, you will be filtering CMDB and not restricting modification access, for that you will need to have ACLs in place.

Let me know, what exactly you are trying to achieve.

 

Best Regards
Aman Kumar

jabest13
Tera Expert

Unfortunately, this business rule affected all ITIL users.  Working on modifying the script for only the limited_ITIL role.  Other ideas are welcome.