Restrict Standard change templates under preapproved tab of change models for a particular group

pradnyajamgaonk · 15 hours ago

Hi All,

We have a requirement to restrict access for a particular group to preapproved standard change templates in change models.

I have tried 'Available for' related list approach but it's not working as expected.

Can you please suggest feasibility to achieve this with Business rule/Client script to hide at front end.

Scripts suggestions would be helpful.

Thanks.

Regards,

Pradnya

Vishal Jaswal · 11 hours ago

Hello @pradnyajamgaonk

I doubt that this is even possible via User Criteria or possible at all. I believe all models whose "Available in 'Create New'" is set to true will always display when click Create New under Change Request.

Please verify the same with ServiceNow via HI Case.

If ServiceNow says it is possible then please do share here - else, you need to create a script include to check the logged in user's group membership and then write client script to make all change requests fields read only and hide save and submit button and display alert message for restricted users something like below:

Script Include:

var grpSysID = gs.getProperty('group.abc'); //sys_id = 2073c524935c4b503161f24cdd03d681

var CheckuserGroup = Class.create();
CheckuserGroup.prototype = Object.extendsObject(AbstractAjaxProcessor, {
    getgroup: function() {
        var usersysid = this.getParameter('sysparm_name_sysid');//getting usersysid from client
        var grMem = new GlideRecord("sys_user_grmember");
        grMem.addQuery('user', usersysid); 
        grMem.addQuery('group', grpSysID);		
        grMem.query();
        if (grMem.next()) {
            return true;
        } else {
            return false;
        }
    },
    type: 'CheckuserGroup'
});

Client Script (DOM Manipulation) with Isolate Script unchecked as below:

function onLoad() {

    var sysid = g_user.userID; //get current user sysid
    var ga = new GlideAjax('global.CheckuserGroup'); //script include name
    ga.addParam('sysparm_name', 'getgroup'); //function name
    ga.addParam('sysparm_name_sysid', sysid); //passing logged in user's sysid to script include
    ga.getXMLAnswer(getGroup);

    function getGroup(response) {
        if (response == 'true' && g_form.getDisplayValue('chg_model') === 'Standard') {
            alert('You are not allowed to create Pre-approved Standard Change Request!');

            // Hide Save and Submit UI Actions (buttons) --> Reference: https://stackoverflow.com/questions/43452670/hide-save-button-on-asset-form

            var items = $$('BUTTON').each(function(item) {
                if (item.innerHTML.indexOf('Submit') > -1) {
                    item.hide();
                }
            });

            var items1 = $$('BUTTON').each(function(item) {
                if (item.innerHTML.indexOf('Save') > -1) {
                    item.hide();
                }
            });

            // Make all editable fields read-only
            var fields = g_form.getEditableFields();
            for (var x = 0; x < fields.length; x++) {
                g_form.setReadOnly(fields[x], true);
            }
        } 
    }
}

Hope that helps!