We've updated the ServiceNow Community Code of Conduct, adding guidelines around AI usage, professionalism, and content violations. Read more

query business rule

chandan2212
Tera Contributor

yesterday

Hi Team,

I need to write a Query Business Rule where the short description contains "test12334", and only members of two groups (Group A and Group B) should be able to see those tickets in the list view in the catalog task. Could you please provide the Query Business Rule script that satisfies this requirement?

  • 165 Views
5 REPLIES 5

YashwanthV18760
Giga Guru

yesterday

Hi, @chandan2212 

 

You can achieve this using a Query Business Rule on the Catalog Task table that filters records dynamically based on group membership.

 

Requirement logic:
If Short description contains "test12334" → only users in Group A or Group B should see those records.
All other users should not see those records at all in list view.

Create a Query Business Rule with these settings:

  • Table: sc_task (Catalog Task)

  • When: Before

  • Query: true

  • Advanced: true

Script:

(function executeRule(current, previous /*null when async*/) {

    var restrictedText = "test12334";

    // Check if current user is in allowed groups
    var allowed = false;
    if (gs.getUser().isMemberOf('Group A') || gs.getUser().isMemberOf('Group B')) {
        allowed = true;
    }

    // If user is NOT allowed, exclude those records from query
    if (!allowed) {
        current.addEncodedQuery("short_descriptionNOT LIKE" + restrictedText);
    }

})();

 

How this works:
This does not block access after load — it filters records at query level. So unauthorized users never see those records in list results, which is the correct and recommended approach for visibility control.

 

Important notes:
• Replace "Group A" and "Group B" with actual group names or sys_ids.
• Query Business Rules run before data is fetched, so they are ideal for row-level visibility logic.
• This does not affect users in allowed groups — they still see all records.

 

Optional improvement (recommended for performance if table is large):
Instead of LIKE, use STARTSWITH or CONTAINS only if necessary. LIKE queries on large tables can be slower.

 

Alternative enterprise approach:
If this requirement is permanent security logic, consider using ACL conditions instead of a query BR. ACLs are the platform-standard way to enforce record visibility. Use Query BR only if requirement is dynamic or conditional.

 

Summary:
Use a Query Business Rule to append a NOT LIKE condition for users outside allowed groups. This hides matching records from unauthorized users at query level itself.

Hope this helps.

Mark Manders
Mega Patron

3 hours ago

Filtering out based on a string is really bad practice. Please reconsider this. If you need this to be on the sc_task, that means that it is for certain tasks on an item. Why not just assign them to either of these groups and use the item and/or the groups to filter and NOT the short description. In fact: as soon as someone changes the short description, it becomes visible again.

 

And consider not using  a query BR, but security data filters. These also allow for not showing the 'security constraints prevent...' message.


Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark

yashkamde
Kilo Sage

2 hours ago

Hello @chandan2212 ,

 

This query BR script should fullfill your requirement :

        var userGroups = gs.getUser().getMyGroups();
        var allowedGroups = ['Group A', 'Group B'];

        var isAllowed = false;
        for (var i = 0; i < userGroups.length; i++) {
            var groupName = userGroups[i].getDisplayValue();
            if (allowedGroups.indexOf(groupName) > -1) {
                isAllowed = true;
                break;
            }
        }
        if (!isAllowed) {
            current.addQuery('sys_id', '');
        }

 

If my response helped mark as helpful and accept the solution.

0 Helpfuls

its_SumitNow
Mega Sage

2 hours ago

Hi @chandan2212 

I had a similar requirement recently and managed to get it working with a Query Business Rule on the sc_task table. Sharing the script below (Use Before Query Br)

(function() {

    // Skip restriction for admins
    if (gs.hasRole('admin')) return;

    var GROUPS = ['Group A', 'Group B'];
    var userID = gs.getUserID();
    var isMember = false;

    // Check if current user belongs to Group A or Group B
    for (var i = 0; i < GROUPS.length; i++) {
        if (gs.getUser().isMemberOf(GROUPS[i])) {
            isMember = true;
            break;
        }
    }

    // If user is NOT a member of either group,
    // hide any records where short_description contains "test12334"
    if (!isMember) {
        addQuery('short_description', 'NOT CONTAINS', 'test12334');
    }

})();

 

I hope my reply helps, If yes please mark helpful & accept as Solution 🙂

 

Regards

Sumit