Restricting RITMs or tasks access of a particular item to a certain group

Manasseh Nikhil · ‎06-29-2022

Hello,

Is there a way we can hide or restrict access of RITMs raised from a catalog item to only certain assignment group. Even ITIL users and admins should not be able to view it in list view. It should only be visible to that particular group which we need. Its related to confidentiality requirement.

I tried to create an ACL and gave it read operation where condition item value will be of that catalog item and if the user is a member of that group then answer will be true. But it is not working. I think it is conflicting with out of box ACL rule to sc_req_item read operation rule where role is ITIL. So ITIL users are able to view.

Is there any other way to achieve this?

Thanks in advance.

Regards,

Nikhil

Aman Kumar S · ‎06-29-2022

In the OOB ACL, you can add condition such as:
catalog item - is not - your_catalog_item

And have a dedicated ACL for yours as:

catalog item - is - your_catalog_item

It should work alright then

Best Regards
Aman Kumar

View solution in original post

Cory Miller · ‎07-21-2022

Hello,

This sounds like exactly what we are looking for.

We have been trying to do this and it is not working properly.

Here is our scenario:

We have a catalog item that creates a Request, RITM & sc_task that we want to restrict visibility to only members of a certain security group.

We have created a role and assigned it to that group and added members to the group who need access. No one else, including ITIL or admin should have access to the RITM or it's sc_tasks.

Can you provide an example of what the ACLs should look like please?

Harish KM · ‎06-29-2022

Another way is to use before query Business rule

Refer example here

https://servicenowguru.com/scripting/business-rules-scripting/controlling-record-access-before-query-business-rules/

Regards
Harish