Restrict ITIL user to write an update on closed RITM

savaliya
Tera Expert

Hi all,

I’m running into an issue in ServiceNow related to Activity updates from Employee Service Center (ESC).

Users who have the itil role (and are also the requester) are still able to add Activity comments on a closed / inactive RITM through ESC. Even after the Requested Item is closed and no longer active, the Activity stream still allows them to post updates.

I want to restrict that once the RITM is closed, these users should no longer be able to write Activity comments from ESC.

What would be the best practice to restrict this?

Any recommended approach or example implementation would be appreciated.

Thanks!

 

1 ACCEPTED SOLUTION

Ankur Bawiskar
Tera Patron

@savaliya 

Maybe a field-level WRITE ACL is allowing that.

Did you check if the same behavior happens on native?

Try to use Access Analyzer and debug.

[Vancouver Release] Customers gain enhanced access visibility with ServiceNow Access Analyzer 

My analysis and approach

 

-> There are 3 field-level WRITE ACLs on RITM.Comments

https://instanceName.service-now.com/sys_security_acl_list.do?sysparm_query=name%3Dsc_req_item.comments%5Eoperation.nameSTARTSWITHwrite&sysparm_view=


Try to see which one is allowing it and add a condition like this:

State [IS ONE OF] Pending, Open, Work in progress

If my response helped, please mark it as correct and close the thread 🔒— this helps future readers find the solution faster! 🙏

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader
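
An added example, not part of the original thread and not ServiceNow platform code: a small model of why the reply above says to find which of the three write ACLs is allowing the comment. The ACL names, roles and conditions are constructed, and the model covers only the field-level rules, assuming that every check inside one ACL must pass and that passing any one ACL on the field grants the write.

```javascript
// Constructed model of field-level ACL evaluation (assumption: any one passing ACL grants access).
const OPEN_STATES = ['Pending', 'Open', 'Work in progress']; // condition suggested in the reply

// One ACL passes only if its role check AND its condition both pass.
function aclPasses(acl, user, record) {
  const roleOk = acl.roles.length === 0 || acl.roles.some(r => user.roles.includes(r));
  const conditionOk = !acl.condition || acl.condition(record, user);
  return roleOk && conditionOk;
}

// The write is allowed as soon as a single ACL on the field passes.
function canWrite(acls, user, record) {
  return acls.some(acl => aclPasses(acl, user, record));
}

// Labels of the ACLs that still grant the write, i.e. the ones left to restrict.
function grantingAcls(acls, user, record) {
  return acls.filter(acl => aclPasses(acl, user, record)).map(acl => acl.label);
}

const stateIsOpen = record => OPEN_STATES.includes(record.state);
const isRequester = (record, user) => record.requested_for === user.id;

// Hypothetical set of three write ACLs on sc_req_item.comments; contents are assumed.
function buildAcls({ hardenItil, hardenRequester }) {
  return [
    { label: 'itil write', roles: ['itil'],
      condition: hardenItil ? stateIsOpen : null },
    { label: 'requester write', roles: [],
      condition: hardenRequester
        ? (r, u) => isRequester(r, u) && stateIsOpen(r)
        : isRequester },
    { label: 'admin write', roles: ['admin'], condition: null },
  ];
}

// Constructed sample data: an itil user who is also the requester.
const user = { id: 'u1', roles: ['itil'] };
const closedRitm = { state: 'Closed Complete', requested_for: 'u1' };
const openRitm = { state: 'Open', requested_for: 'u1' };

for (const opts of [
  { hardenItil: false, hardenRequester: false },
  { hardenItil: true, hardenRequester: false },  // only one ACL restricted
  { hardenItil: true, hardenRequester: true },   // every granting ACL restricted
]) {
  const acls = buildAcls(opts);
  console.log(JSON.stringify(opts), 'closed RITM write:', canWrite(acls, user, closedRitm),
    'granted by:', grantingAcls(acls, user, closedRitm));
}
```

In this model, adding the State condition to a single ACL leaves the closed RITM writable until every ACL that matches the user carries it.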


BharatC
Tera Contributor

Hi @savaliya

Update this ACL:
Type = Record, Operation = Write, Name = sc_req_item.comments

Add condition script:
// Allow write only if the record is active
if (!current.active) {
    answer = false;
} else {
    answer = true;
}

Also do this for work notes.

 

Please mark this response as Helpful & accept it as solution if it assisted you with your question.
Regards

Tanushree Maiti
Mega Sage

Hi @savaliya ,

In your instance, check the existing Write ACLs on the comments field of sc_req_item.

Modify those as per your requirement by updating them (the ACL's filter condition, like State is not closed AND Active = true, etc.; update the script as well to validate the role if you want to allow admin only).

 

 

Please mark this response as Helpful & Accept it as solution if it assisted you with your question.
Regards
Tanushree Maiti
ServiceNow Technical Architect