Restrict Module visibility to certain groups

Ken61
Giga Guru

Hello All,

I created an "Incident Dashboard" module under the Incident application. The requirement is to restrict visibility to only admin and groups where the “Include members” (u_include_members) field is true in the sys_user_group table.

I used the below before query business rule, but it's not working. I am new to scripting.

I would also like to use a system property to store the module sys_id instead of directly calling the sys_id from the script.

(function executeRule(current, previous /*null when async*/ ) {
    // Add your code here
    var opst = new GlideRecord("sys_user_grmember");
    opst.addEncodedQuery("userDYNAMIC" + gs.getUserID() + "^group.u_include_members=true");
    opst.query();
    if (!opst.next()) {
        current.addQuery('sys_id', '!=', '3D2ea6922d0451b650e898e6c94f784125'); //sys_id of the module
    }
})(current, previous);

 

 

2 ACCEPTED SOLUTIONS

Ankur Bawiskar
Tera Patron

@Ken61 

So if the logged-in user is admin, or the logged-in user is a member of any group where "u_include_members" is true, then that user should see it.

Try this:

-> Ensure the query BR has this condition: !gs.hasRole('admin')

-> Create a property of type string and store the sys_id there

(function executeRule(current, previous /*null when async*/ ) {

    // Add your code here
    var opst = new GlideRecord("sys_user_grmember");
    opst.addEncodedQuery("user=" + gs.getUserID() + "^group.u_include_members=true");
    opst.query();
    if (!opst.hasNext()) {
        current.addQuery('sys_id', '!=', gs.getProperty('propertyName')); //sys_id of the module
    }

})(current, previous);

💡 If my response helped, please mark it as correct and close the thread 🔒— this helps future readers find the solution faster! 🙏

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader


Deepak Shaerma
Mega Sage

Hi @Ken61 

Step 1: Create the System Property

Instead of pasting the sys_id directly into the script, we store it in a property.

  1. Type sys_properties.list in the Filter Navigator.

  2. Click New.

  3. Name: com.incident.dashboard.module.id (Or your preferred naming convention).

  4. Type: String

  5. Value: [Paste the Sys ID of your "Incident Dashboard" module here]

  6. Save.


Step 2: The Business Rule

This script filters the Application Navigator results. It checks if the user is relevant; if not, it removes the Dashboard Module from their view.

  • Table: Module [sys_app_module]

  • When: Before

  • Query: Checked

  • Advanced: Checked

    (function executeRule(current, previous /*null when async*/) {

        // 1. Admins always see the module
        if (gs.hasRole('admin')) {
            return;
        }

        // 2. Read the module sys_id from the system property; skip the filter if it is not set
        var targetModuleId = gs.getProperty('com.incident.dashboard.module.id');
        if (gs.nil(targetModuleId)) {
            return;
        }

        // 3. Check whether the user belongs to a group with the u_include_members flag set
        var grMember = new GlideRecord('sys_user_grmember');
        grMember.addQuery('user', gs.getUserID());         // Check current user
        grMember.addQuery('group.u_include_members', true); // Check the flag on the Group table
        grMember.setLimit(1); // PERFORMANCE: We only need to find ONE match to grant access
        grMember.query();

        var isAuthorized = grMember.hasNext();

        // 4. Apply Restriction
        // If they are NOT authorized, filter OUT the specific module
        if (!isAuthorized) {
            current.addQuery('sys_id', '!=', targetModuleId);
        }

    })(current, previous);
    



Happy to help! If this resolved your issue, kindly mark it as the correct answer and Helpful and close the thread 🔒 so others can benefit too.

Warm Regards,

Deepak Sharma

Community Rising Star 2025
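
The before-query rule from the two answers above, as an added example that is not part of the original thread: it reads the module sys_id from the property and logs a warning when the value is not 32 hexadecimal characters (the literal in the question's script is 34 characters long). The name `restrictModule` and the `fakeGs`, `fakeGlideRecord` and `fakeCurrent` stand-ins are hypothetical, added so the logic can run outside an instance.

```javascript
// Added example. gs, GlideRecord and current are passed in so the logic runs outside
// an instance; in a real business rule they are the platform globals.
var SYS_ID_RE = /^[0-9a-f]{32}$/i; // a sys_id is 32 hexadecimal characters
function restrictModule(current, gs, GlideRecord, propertyName) {
    if (gs.hasRole('admin')) {
        return 'admin'; // admins always see the module
    }
    var moduleId = String(gs.getProperty(propertyName, '')).trim();
    if (!SYS_ID_RE.test(moduleId)) {
        // A missing or malformed value would make the filter exclude nothing and
        // leave the module visible to everyone, so log it instead of staying silent.
        gs.warn('Module visibility rule: ' + propertyName + ' is not a valid sys_id');
        return 'misconfigured';
    }
    var member = new GlideRecord('sys_user_grmember');
    member.addQuery('user', gs.getUserID());
    member.addQuery('group.u_include_members', true);
    member.setLimit(1); // one matching membership is enough
    member.query();
    if (member.hasNext()) {
        return 'member';
    }
    current.addQuery('sys_id', '!=', moduleId); // hide the module from this user
    return 'hidden';
}

// Constructed stand-ins for the platform objects (hypothetical, not ServiceNow code).
function fakeGs(opts) {
    return {
        warnings: [],
        hasRole: function (role) { return opts.roles.indexOf(role) !== -1; },
        getProperty: function (name, alt) { return name in opts.props ? opts.props[name] : alt; },
        getUserID: function () { return opts.userId; },
        warn: function (msg) { this.warnings.push(msg); }
    };
}
function fakeGlideRecord(flaggedUsers) { // users who belong to a flagged group
    return function () {
        var q = {};
        this.addQuery = function (field, value) { q[field] = value; };
        this.setLimit = function () {};
        this.query = function () {};
        this.hasNext = function () {
            return q['group.u_include_members'] === true && flaggedUsers.indexOf(q.user) !== -1;
        };
    };
}
function fakeCurrent() {
    return { filters: [], addQuery: function (f, op, v) { this.filters.push([f, op, v]); } };
}
```

A query business rule on sys_app_module only filters which module records are returned; the page the module links to still needs its own role or ACL check.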




3 REPLIES

Ankur Bawiskar
Tera Patron

@Ken61 

I believe I also shared a working solution.

As per the new community feature, you can mark multiple responses as correct.

💡 If my response helped, please mark it as correct as well so that this helps future readers find the solution faster! 🙏

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader
