Only members of certain groups(Eg: HR group, Management Group) should be able to see the variable

VishalSawant
Kilo Explorer

yesterday

Working on a requirement where access to certain sensitive variables on an RITM form needs to be restricted.

 

Requirement:

When catalog request is created and the RITM is viewed:

Only members of the certain groups(Eg: HR group, Management Group) should be able to see the variable details in the RITM form view

 

Restricted Variables:

Email Address

Mobile Number

 

All other users should not be able to view these variables on the RITM.

0 Helpfuls
  • 270 Views
4 REPLIES 4

PoonkodiS
Mega Sage

yesterday

Hi @VishalSawant 

1.You can use catalog client script in : Onload 

Table: sc_ req_item

if (g_user.isMemberOf('GROUP_SYS_ID')) {

   g_form.setDisplay('variable_name', true);

} else {

   g_form.setDisplay('variable_name', false);

 

}

Or

2.Use ACL for more secure

Create a read ACL for sc_req_item table

 

Regards,

Poonkodi 

 

0 Helpfuls

VishalSawant
Kilo Explorer
In response to PoonkodiS

yesterday

Thanks for the suggestion. Catalog Client Scripts do not execute on the RITM (sc_req_item) form after request creation. Since the requirement is to restrict variable visibility on the RITM view.

 

Please correct me if I'm wrong.

 

Can we apply ACL for variables on sc_req_item?

 

 

0 Helpfuls

SohamTipnis
Tera Expert

yesterday

Hi @VishalSawant,

 

You can use the following OnLoad Client Script:

Type: Catalog Client Script
Applies to: RITM
UI Type: All
Table: sc_req_item
When: onLoad

 

function onLoad() {

    // Check if user has required roles
    var isAuthorized = g_form.hasRole('hr_role') || g_form.hasRole('management_role');

    // Variable names (use actual variable names, not labels)
    var restrictedVars = [
        'email_address',
        'mobile_number'
    ];

    // Show or hide variables
    for (var i = 0; i < restrictedVars.length; i++) {
        g_form.setDisplay(restrictedVars[i], isAuthorized);
    }
}

 

If you find my answer useful, please mark it as Helpful and Correct ‌‌‌‌😊

 

Regards,

Soham Tipnis

ServiceNow Developer ||  Technical Consultant
LinkedIn: www.linkedin.com/in/sohamtipnis10

0 Helpfuls

Ankur Bawiskar
Tera Patron

yesterday

@VishalSawant 

you can use Display BR on RITM table and normal onLoad client script on RITM Table

Display BR

(function executeRule(current, previous /*null when async*/ ) {

    var allowedGroups = ['HR Group', 'Management Group']; // Exact group names
    var authorized = false;
    var user = gs.getUser();

    for (var i = 0; i < allowedGroups.length; i++) {
        if (user.isMemberOf(allowedGroups[i])) {
            authorized = true;
            break;
        }
    }

    g_scratchpad.canViewSensitiveVars = authorized;

})(current, previous);

onLoad client script

function onLoad() {
    if (!g_scratchpad.canViewSensitiveVars) {
        g_form.setVisible('variables.email_address', false); // Variable name: email_address
        g_form.setVisible('variables.mobile_number', false); // Variable name: mobile_number
    }
}

💡 If my response helped, please mark it as correct and close the thread 🔒— this helps future readers find the solution faster! 🙏

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader
0 Helpfuls