Restrict access to users based on company

LG2
Mega Expert

We have a requirement to restrict users from "Company123" from viewing "everyone else's" incidents, so they will only be able to see records if the caller or the opened by field is someone from their company, OR if it is assigned to one of the "company123" assignment groups. (Everyone else will see "everything".)

We have tried to adapt the before business rule in http://www.servicenowguru.com/scripting/business-rules-scripting/controlling-record-access-before-qu...

but this has not worked.

here is the script we are using:

if (gs.getUser().getCompanyID()=='sysid of Company123 in here') {
    var u = gs.getUserID();
    var q = current.addQuery("caller_id", u);
    q.addOrCondition("opened_by", u);
    current.addOrCondition('assignment_group.name', "CONTAINS", "Company123");
    gs.addInfoMessage("The records are restricted to the current logged in User");
}

after much brain ache we are stuck...

please can anyone suggest where we are going wrong?

many thanks

1 ACCEPTED SOLUTION

Michael Ritchie
ServiceNow Employee

Out of the box there is a company field throughout the platform including on task, user and locations. When you create an incident for a user the company from the sys_user record is populated in the incident. I would recommend using this approach for your record separation utilizing these out of the box capabilities:


if (gs.getUser().getCompanyID()=='sysid of Company123 in here' && gs.getSession().isInteractive()) {
    var u = gs.getUserID();
    var qc = current.addQuery('opened_by', u);
    qc.addOrCondition('caller_id', u);
    qc.addOrCondition('company', 'sysid of Company123 in here');
}



There isn't a company field on the sys_user_group table, but you could add one if you also need to factor incident assignment into the visibility of these tickets.
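The rule in the accepted answer can be exercised offline before it is put on an instance. This is an added example, not code from the thread or from ServiceNow: `makeGs` and `makeCurrent` are hypothetical stand-ins that model only the calls the rule uses, `c123` is a placeholder for the Company123 sys_id, and the users and incidents are constructed.

```javascript
const COMPANY123 = 'c123'; // placeholder for the Company123 sys_id
// Hypothetical stand-in for gs: only the three calls the rule makes.
function makeGs(user, interactive) {
  return {
    getUser: () => ({ getCompanyID: () => user.company }),
    getUserID: () => user.sys_id,
    getSession: () => ({ isInteractive: () => interactive }),
  };
}
// Hypothetical stand-in for current: addQuery() groups are ANDed, addOrCondition() ORs into its group.
function makeCurrent() {
  const groups = [];
  return {
    groups,
    addQuery(field, value) {
      const group = [[field, value]];
      groups.push(group);
      const cond = { addOrCondition(f, v) { group.push([f, v]); return cond; } };
      return cond;
    },
  };
}
// The before-query rule from the accepted answer, with gs and current passed in.
function beforeQuery(gs, current) {
  if (gs.getUser().getCompanyID() == COMPANY123 && gs.getSession().isInteractive()) {
    const u = gs.getUserID();
    const qc = current.addQuery('opened_by', u);
    qc.addOrCondition('caller_id', u);
    qc.addOrCondition('company', COMPANY123);
  }
}
// Returns the incident numbers a list query would hand back to this user.
function visibleIncidents(user, incidents, interactive = true) {
  const current = makeCurrent();
  beforeQuery(makeGs(user, interactive), current);
  return incidents
    .filter(row => current.groups.every(g => g.some(([f, v]) => row[f] === v)))
    .map(row => row.number);
}
// Constructed sample data.
const alice = { sys_id: 'u1', company: COMPANY123 }, bob = { sys_id: 'u2', company: 'other' };
const incidents = [
  { number: 'INC1', caller_id: 'u1', opened_by: 'u9', company: COMPANY123, assignment_group: 'g-other' },
  { number: 'INC2', caller_id: 'u2', opened_by: 'u2', company: 'other', assignment_group: 'g-other' },
  { number: 'INC3', caller_id: 'u2', opened_by: 'u1', company: 'other', assignment_group: 'g-other' },
  { number: 'INC4', caller_id: 'u2', opened_by: 'u2', company: 'other', assignment_group: 'g-c123' },
];
```

`visibleIncidents(alice, incidents)` leaves out INC4 although it is assigned to a Company123 group, which is the sys_user_group gap the answer mentions. Passing `false` for `interactive` returns all four incidents, because the rule only filters interactive sessions.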



7 REPLIES

Patrick Schult2
Giga Guru

Are you actually getting records returned with that query? You should be able to use this line to get the row count.


gs.log("Before Query found this many records" + current.getRowCount());

You might try using an encoded query there instead of the regular addQuery. So instead of:

current.addOrCondition('assignment_group.name', "CONTAINS", "Company123");

You would have:

current.addQuery('assignment_group.nameLIKEcompany123');


Thanks Patrick - we decided to go with Michael's suggestion so that it is easier to support going forwards - thank you very much for your time though - very much appreciated.


bernyalvarado
Mega Sage

Hi, try this...



if (gs.getUser().getCompanyID()=='sysid of Company123 in here') {
    var u = gs.getUserID();
    var qc = current.addQuery("caller_id", u).addOrCondition("opened_by", u).addOrCondition('assignment_group.name', "CONTAINS", "Company123");
    gs.print("query restricted to user: " + u);
}


Thanks Benny - we decided to go with Michael's suggestion so that it is easier to support going forwards - thank you very much for your time though - very much appreciated.