Prevent Change requester from approving their own Changes.

Steve Brown1 · ‎03-22-2017

Hi Community,

Using Helsinki - helsinki-03-16-2016__patch7-11-02-2016

Following a recent audit I need to prevent any Requester being able to Approve their own Change Requests.

I have read a couple of articles similar to my situation but they have been specific to a particular Assignment Group and my scripting skills are non existent to be able to turn their suggestions into something that works!! I have also tried writing a Business Rules on the sysapproval_approver table but could not get this to work either.

I have attempted to change the below script from another post from 2014 to work in our Instance but I cannot get it to work - the best result was skipping the Peer check step of the workflow where an approval is required from the Assignment group of the Requester.

answer = [];
var approvers = new GlideRecord('sys_user_grmember');
approvers.addQuery('group.name', 'IT Infrastructure Managers');
approvers.query();
while(approvers.next()) {
if(approvers.user.toString() != current.requested_by.toString()) {
answer.push(approvers.user.toString());
}
}

My version:

1. answer = [];

2. var approvers = new GlideRecord('sys_user_grmember');

3. approvers.addQuery('current.assignment_group');

4. approvers.query();

5. while(approvers.next()) {

6. if(approvers.user.toString() != current.requested_by.toString()) {

7. answer.push(approvers.user.toString());

8. }

9. }

I think the script is doing the following:

2 - Identifying the Group the Requester is in

3 - Is the Requester in the Assignment Group?

4 - ??

5 - ??

6 - If the Requester is in the Assignment Group

7 - ?? do something!

Many thanks in advance.

Steve Brown

Alikutty A · ‎03-22-2017

There is an additional quotes in the current.assignment_group which will not make it work. I have done a minor update to code

answer = [];

var approvers = new GlideRecord('sys_user_grmember');

approvers.addQuery('group', current.assignment_group); //Matches assignment group on change with the group membership table

approvers.query();

while(approvers.next()) {

if(approvers.user.toString() != current.requested_by.toString()) {

answer.push(approvers.user.toString());

}

I have tested this and it was working on my developer instance.

Thanks

Please Hit like, Helpful or Correct depending on the impact of the response

View solution in original post

Steve Brown1 · ‎03-24-2017

Hi Alikutty,

Stages of the workflow:

Step 1 - Peer Review (this is fine now)

Step 2 - SP review (no script needed)

Step 3 - Team Leader Review - this is the stage I am referring to.

After these three Approvals the workflow ends and moves into the Change workflow to generate tasks etc.

The highlighted Change Approvers (u_change_approvers) is the section that needs to be referenced in the script so that if a Change Requester is listed within this section they would not be permitted to approve their own change and a colleague would need approve instead which is what you provided for Step 1 of the workflow yesterday.

Details of the Change Approvers section:

The Team Leader Review Approval activity from the workflow (this is an Approval - User activity):

If you need anything else please let me know.

Regards,

Steve

Alikutty A · ‎03-24-2017

Please try this code.

answer = [];

var approvers = [];

approvers = current.u_change_approvers.split(','); //Convert to array

for(var i=0; i<approvers.length; i++){

if(approvers[i] != current.requested_by){ //Skip Requester

answer.push(approvers[i]);

}

Thanks

Please Hit like, Helpful or Correct depending on the impact of the response

Steve Brown1 · ‎03-28-2017

Hello Alikutty,

Apologies for the delay in responding to you. I have updated the script as per the above however the workflow is producing the error below when processing Step 3 of the workflow:

Alikutty A · ‎03-28-2017

Hi,

What values did you select on change approvers field? Was it the change requester alone?

Thanks

Please Hit like, Helpful or Correct depending on the impact of the response

Steve Brown1 · ‎03-28-2017

Hi Alikutty,

Thank you for assisting me in this.

The User I am using during this testing is listed within the Change Approvers field for their Assignment Group. Do I need to add all of the Change Approvers from each Assignment Group to the script where I have entered 'Add Name, Add Name, Add Name' below (is this the correct format if so)?

I had tried adding two users in the below format however the workflow still stopped with the error further down.