Restrict itil users to view Incidents assigned to HR groups
06-08-2024 10:01 PM
Hi,
I have a requirement where I need to restrict visibility to itil users, of Incidents assigned to HR groups.
I believe this can be achieved by ACL and Query BR. Can anyone help me achieve this?
06-08-2024 10:48 PM
Hi @Viraj Sapte ,
In ServiceNow, restricting visibility of Incidents assigned to HR groups for ITIL users can indeed be achieved using Access Control Lists (ACLs) and Query Business Rules. Here’s a step-by-step guide to accomplish this:
Step 1: Create an ACL
Navigate to System Security > Access Control (ACL).
Create a new ACL:
Table: incident
Type: record
Operation: read
Set the condition to restrict access:
Condition: assigned_to is in HR Groups or assignment_group is in HR Groups.
Set the Script to check user roles:
In the Advanced tab, use a script to ensure ITIL users are restricted:
    // Get the assignment group of the incident
    var assignmentGroup = current.assignment_group;
    // Check if the user is an ITIL user and the assignment group is HR
    if (gs.hasRole('itil') && assignmentGroup.name == 'HR') {
        answer = false;
    } else {
        answer = true;
    }
Step 2: Create a Query Business Rule
Navigate to System Definition > Business Rules.
Create a new Business Rule:
Name: Restrict ITIL Visibility to HR Incidents
Table: incident
Advanced: true
When: before query
Condition: current.assignment_group is HR Groups.
Script: Use the following script to filter out incidents for ITIL users:
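    if (gs.hasRole('itil')) {
        // Add a query to restrict incidents assigned to HR groups
        var hrGroups = ['HR Group 1', 'HR Group 2']; // replace with actual HR group names
        // assignment_group is a reference field (it stores a sys_id), so match names by dot-walking to .name
        current.addQuery('assignment_group.name', 'NOT IN', hrGroups.join(','));
    }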
If my reply helped with your issue please mark helpful 👍 and correct ✔️ if your issue is resolved.
By doing so you help other community members find resolved questions which may relate to an issue they're having
Thanks,
Astik
06-09-2024 12:21 AM
Hi @Viraj Sapte ,
Please ignore my previous reply.
We can do it both ways: using a Before Query Business Rule and also using an ACL.
Here is an example of how to achieve it using a Before Query Business Rule.
Create Before Business Rule -
Name: Restrict ITIL Visibility to HR Incident
When: Before Query
Script -
    (function executeRule(current, previous /*null when async*/ ) {
        if (gs.hasRole('itil')) {
            // include any group as per your requirement
            current.addEncodedQuery('assignment_group.name!=HR');
        }
    })(current, previous);
I checked it in my PDI and it is working fine.
If my reply helped with your issue please mark helpful 👍 and correct ✔️ if your issue is resolved.
By doing so you help other community members find resolved questions which may relate to an issue they're having
Thanks,
Astik
06-09-2024 04:21 AM
Hi @Astik Thombare,
Thank you for your inputs. I was trying to achieve it by assigning type as 'human_resource' to the groups as there will be multiple groups. Could you please help me with this?
06-09-2024 06:28 AM
Hi @Viraj Sapte ,
Please update the code in the before BR as below -
    (function executeRule(current, previous /*null when async*/) {
        // Initialize a GlideRecord object for the 'sys_user_group_type' table
        var groupTypeGr = new GlideRecord('sys_user_group_type');
        // Add a query to find the group type with the name 'human_resources'
        groupTypeGr.addQuery('name', 'human_resources');
        groupTypeGr.query();
        // Check if the query returns any records
        if (groupTypeGr.next()) {
            // Get the sys_id of the 'human_resources' group type
            var humanResourcesTypeSysId = groupTypeGr.sys_id.toString();
            // Check if the current user has the 'itil' role
            if (gs.hasRole('itil')) {
                // Initialize a GlideRecord object for the 'sys_user_group' table
                var groupGr = new GlideRecord('sys_user_group');
                // Add a query to find groups with the type 'human_resources'
                groupGr.addQuery('type', 'CONTAINS', humanResourcesTypeSysId);
                groupGr.query();
                // Collect the sys_ids of these groups
                var groupIds = [];
                while (groupGr.next()) {
                    groupIds.push(groupGr.sys_id.toString());
                }
                // If there are any groups of type 'human_resources'
                if (groupIds.length > 0) {
                    // Add a query to exclude incidents assigned to these groups
                    current.addQuery('assignment_group', 'NOT IN', groupIds);
                }
            }
        }
    })(current, previous);
I have tested it in PDI and it is working as expected.
If my reply helped with your issue please mark helpful 👍 and correct ✔️ if your issue is resolved.
By doing so you help other community members find resolved questions which may relate to an issue they're having
Thanks,
Astik
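Added example (not part of any post in this thread, and not ServiceNow's own code): the thread gives a group-type version of the query rule but no matching ACL, so this plain-JavaScript model shows a type-based read decision and checks that it agrees with the NOT IN filter on constructed records. The sys_ids, the `gsFor` stand-in for `gs`, the record objects and the choice to leave unassigned incidents visible are all assumptions made for the illustration.

```javascript
// Added example: constructed data, placeholder sys_ids; gs and current are plain stand-ins.
const HR_TYPE = 'hr_type_sys_id_placeholder';
const groups = {
  g1: { sys_id: 'g1', type: HR_TYPE },                  // HR group
  g2: { sys_id: 'g2', type: 'other_type,' + HR_TYPE },  // HR plus another type
  g3: { sys_id: 'g3', type: '' },                       // non-HR group
};
const incidents = [
  { number: 'INC-A', assignment_group: groups.g1 },
  { number: 'INC-B', assignment_group: groups.g3 },
  { number: 'INC-C', assignment_group: groups.g2 },
  { number: 'INC-D', assignment_group: { sys_id: '', type: '' } }, // unassigned
];
// Stand-in for gs: matches role names literally against the given list.
const gsFor = roles => ({ hasRole: r => roles.includes(r) });

// True when the group's type list (comma-separated sys_ids) holds the HR type.
function isHrGroup(group, hrType) {
  return String(group.type || '').split(',').includes(hrType);
}

// ACL side: the value a read ACL script would assign to `answer`.
function aclAnswer(gs, current, hrType) {
  return !(gs.hasRole('itil') && isHrGroup(current.assignment_group, hrType));
}

// Query-rule side: sys_ids for the NOT IN condition, then the rows that survive it.
function hrGroupIds(allGroups, hrType) {
  return Object.values(allGroups).filter(g => isHrGroup(g, hrType)).map(g => g.sys_id);
}
function queryRuleRows(gs, rows, hrIds) {
  if (!gs.hasRole('itil') || hrIds.length === 0) return rows;
  return rows.filter(r => !hrIds.includes(r.assignment_group.sys_id));
}

// Incident numbers the filtered list returns for this user.
function visibleNumbers(gs, rows, allGroups, hrType) {
  return queryRuleRows(gs, rows, hrGroupIds(allGroups, hrType)).map(r => r.number);
}

// Rows the filtered list still returns but the ACL would hide; expected to be empty.
function mismatches(gs, rows, allGroups, hrType) {
  return queryRuleRows(gs, rows, hrGroupIds(allGroups, hrType))
    .filter(r => !aclAnswer(gs, r, hrType)).map(r => r.number);
}
```

When the two controls agree, `mismatches` is empty, meaning the query rule has already dropped every row the ACL would deny.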