Restrict certain tasks to the assignment group and the users who opened/requested them

Anthony16
Tera Guru

We want to restrict viewing of tickets that are assigned to our legal team (by other groups in ServiceNow). I need the Legal team and the users in the requested_by or opened_by fields to be the only ones able to view their tickets. I have created a field and marked these tickets as u_legal_confidential, and also a role, which I assigned to the legal team. The BR query below works, but does not allow users to view the tickets that were opened by or requested by them (because that is not added).

Condition: (!gs.hasRole("legal_confidential"))

(function executeRule(current, previous /*null when async*/) {

    // role validation (!gs.hasRole("legal_confidential")) is part of the Business Rule Conditions
    // add to the query filter so only records with u_legal_confidential = false are returned
    var extraQuery = "u_legal_confidential=false";

    if (current.getEncodedQuery() == "") {
        current.addEncodedQuery(extraQuery);
    } else {
        // ^EQ^ is needed so the restriction also applies to ^NQ (big OR) conditions
        current.addEncodedQuery("^EQ^" + extraQuery);
    }

})(current, previous);

I don't know enough about scripting to include those options; any help would be appreciated.


SUBHAM_SHAW_SN
Tera Guru

The better approach would be to create a record ACL with the operation set to read and put the code below in the ACL script:


answer = true;
var legalGroupId = '<sys_id of legal group>';
var assignmentGroup = current.getValue('assignment_group');
if (assignmentGroup == legalGroupId) {
    // Legal group members may always read; anyone else only if they requested
    // or opened the record (opened_by is the second field named in the question).
    // Checking membership first keeps legal users from being denied by the
    // requested_by comparison.
    var userId = gs.getUserID();
    var isLegalMember = gs.getUser().isMemberOf(legalGroupId);
    var isRequester = current.getValue('requested_by') == userId;
    var isOpener = current.getValue('opened_by') == userId;
    answer = isLegalMember || isRequester || isOpener;
}

Please mark correct if it is helpful.

I don't think that did anything really, I am not seeing anything different. People from other groups than the legal team can see / read these tickets. Maybe I did something wrong.
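As an added example (not code from this thread), the asker's query business rule extended so that u_legal_confidential records stay visible to the user who opened or requested them; field and role names come from the question, and the GlideRecord stub at the bottom is constructed so the query-building logic can be run outside ServiceNow.

```javascript
// Added example, not code from the thread. The filter string and the ^EQ^
// handling follow the business rule in the question; FakeGlideRecord is a
// constructed stand-in for the two GlideRecord methods the rule uses.

// Extra filter: non-confidential records, OR records the current user opened
// or requested. In an encoded query a run of ^OR terms forms one group that is
// ANDed with the conditions before it.
function buildLegalRestriction(userId) {
  return 'u_legal_confidential=false' +
    '^ORopened_by=' + userId +
    '^ORrequested_by=' + userId;
}

// Same shape as the original rule body: the ^EQ^ prefix keeps the restriction
// attached to every ^NQ (big OR) branch of the user's own list filter.
function applyLegalRestriction(gr, userId) {
  var extraQuery = buildLegalRestriction(userId);
  if (gr.getEncodedQuery() === '') {
    gr.addEncodedQuery(extraQuery);
  } else {
    gr.addEncodedQuery('^EQ^' + extraQuery);
  }
  return gr.getEncodedQuery();
}

// Inside the business rule (condition still !gs.hasRole("legal_confidential")):
//   applyLegalRestriction(current, gs.getUserID());

// Constructed stand-in for getEncodedQuery/addEncodedQuery; it only
// concatenates, which is enough to inspect the query string produced.
function FakeGlideRecord(initialQuery) {
  this.query = initialQuery || '';
}
FakeGlideRecord.prototype.getEncodedQuery = function () { return this.query; };
FakeGlideRecord.prototype.addEncodedQuery = function (q) { this.query += q; };

// Stand-alone run: an empty list filter and a filter that already uses ^NQ.
// USER_SYS_ID is a placeholder for gs.getUserID().
if (typeof gs === 'undefined') {
  console.log(applyLegalRestriction(new FakeGlideRecord(''), 'USER_SYS_ID'));
  console.log(applyLegalRestriction(
    new FakeGlideRecord('active=true^NQpriority=1'), 'USER_SYS_ID'));
}
```

Check it with a test user who lacks the role: the list filter breadcrumb should show the confidential/opened_by/requested_by group both for a plain filter and for one containing an OR group, since the ^EQ^ handling is what stops a ^NQ filter from bypassing the restriction.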
