Restrict users to see incidents

GirishBabuK · ‎06-23-2024

I have one requirement that if u_incident_type is security, and assignment_group is SOC then those incidents should be visible to only the people who has the role Splunk-Access.

Kindly suggest me

SN_Learn · ‎06-23-2024

Hi @GirishBabuK ,

You can create a read ACL with the below script in incident table.

if(current.assignment_group == 'sys_id_of_SOC_group' && current.u_incident_type == 'Security'){
answer = gs.hasRole('Splunk_Access');
}

Replace with the correct sysIds.

Note: The best practice will be to store the sysID of group in a system property and call it as below:

gs.getProperty('<property_name>');

Mark this as Helpful / Accept the Solution if this helps

----------------------------------------------------------------
Mark this as Helpful / Accept the Solution if this helps.

GirishBabuK · ‎06-23-2024

this is not working

James Chun · ‎06-24-2024

Hi @GirishBabuK,

You can use the Data Filtration capability - https://docs.servicenow.com/bundle/washingtondc-platform-security/page/administer/security/concept/d...

Should be pretty easy to set one up.

Cheers

Dr Atul G- LNG · ‎06-24-2024

Hi @GirishBabuK

You can use ACL as well for this.

*************************************************************************************************************
If my response proves useful, please indicate its helpfulness by selecting " Accept as Solution" and " Helpful." This action benefits both the community and me.

Regards
Dr. Atul G. - Learn N Grow Together
ServiceNow Techno - Functional Trainer
LinkedIn: https://www.linkedin.com/in/dratulgrover
YouTube: https://www.youtube.com/@LearnNGrowTogetherwithAtulG
Topmate: https://topmate.io/atul_grover_lng [ Connect for 1-1 Session]

****************************************************************************************************************