Restrict Module visibility to certain groups
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 hours ago - last edited 3 hours ago
Hello All,
I created a "Incident Dashboard" module under the Incident application. The requirement is to restrict visibility to only admin and groups where the “Include members” (u_include_members) field is true in the sys_user_group table.
I used below before query business rule, but its not working. I am new to scripting.
I will also like to use system property to store the module sys_id instead of directly calling the sys_id from the script
(function executeRule(current, previous /null when async/ ) {
// Add your code here
var opst = new GlideRecord("sys_user_grmember");
opst.addEncodedQuery("userDYNAMIC" + gs.getUserID() + "^group.u_include_members=true");
opst.query();
if (!opst.next()) {
current.addQuery('sys_id', '!=', '3D2ea6922d0451b650e898e6c94f784125'); //sys_id of the module
}
})(current, previous);
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2 hours ago
so if logged in user is admin or logged in user is member of any group where "u_include_members" is true then that user should see
try this
-> ensure in query BR add this condition !gs.hasRole('admin')
-> create property of type string and store sysid there
(function executeRule(current, previous /*null when async*/ ) {
// Add your code here
var opst = new GlideRecord("sys_user_grmember");
opst.addEncodedQuery("user=" + gs.getUserID() + "^group.u_include_members=true");
opst.query();
if (!opst.hasNext()) {
current.addQuery('sys_id', '!=', gs.getProperty('propertyName')); //sys_id of the module
}
})(current, previous);💡 If my response helped, please mark it as correct ✅ and close the thread 🔒— this helps future readers find the solution faster! 🙏
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
24m ago
Hi @Ken61
Step 1: Create the System Property
Instead of pasting the sys_id directly into the script, we store it in a property.
-
Type
sys_properties.listin the Filter Navigator. -
Click New.
-
Name:
com.incident.dashboard.module.id(Or your preferred naming convention). -
Type:
String -
Value: [Paste the Sys ID of your "Incident Dashboard" module here]
-
Save.
Step 2: The Business Rule
This script filters the Application Navigator results. It checks if the user is relevant; if not, it removes the Dashboard Module from their view.
-
Table: Module [sys_app_module]
-
When: Before
-
Query: Checked
-
Advanced: Checked
(function executeRule(current, previous /*null when async*/) { if (gs.hasRole('admin')) { return; } var targetModuleId = gs.getProperty('com.incident.dashboard.module.id'); if (gs.nil(targetModuleId)) { return; } var grMember = new GlideRecord('sys_user_grmember'); grMember.addQuery('user', gs.getUserID()); // Check current user grMember.addQuery('group.u_include_members', true); // Check the flag on the Group table grMember.setLimit(1); // PERFORMANCE: We only need to find ONE match to grant access grMember.query(); var isAuthorized = grMember.hasNext(); // 4. Apply Restriction // If they are NOT authorized, filter OUT the specific module if (!isAuthorized) { current.addQuery('sys_id', '!=', targetModuleId); } })(current, previous);Happy to help! If this resolved your issue, kindly mark it as the correct answer ✅ and Helpful and close the thread 🔒 so others can benefit too.
Warm Regards,
Deepak Sharma
Community Rising Star 2025
