Script to exclude Caller from restricted view of Assignment group incidents

tpalamore · ‎07-03-2025

I am using the below Business Rule script to block view of incidents assigned to a specific groups from other users that are not in that group. This is causing an error message for the caller.

What line needs to be added to exclude the block from caller, to where the caller can see their submitted incident?

Condition: !gs.getUser().isMemberOf('ServiceNow - HR');

Script:

(function executeRule(current, previous /*null when async*/ ) {

var grp = current.addNullQuery('assignment_group').addOrCondition('assignment_group','!=','5655ec7b47716a10661782b5536d43c7');

})(current, previous);

SupriyaWaghmode · ‎07-03-2025

@tpalamore

Can you remove some from group name keep as "Servicenow-HR" then validate?

Have you written before query business rule? Please check

If these points are helpful and resolved your issue, then marked as accepted/helpful.

--

Thanks & Regards ,

Supriya Waghmode |ServiceNow Consultant

www.linkedin.com/in/supriya-waghmode

tpalamore · ‎07-03-2025

Can you remove some from group name keep as "Servicenow-HR" then validate?

Please clarify

And yes, I have in the When to Run section:

Dubz · ‎07-03-2025

If you're on Yokohama or beyond, you can take advantage of security data filters to fulfil requirements like this. Take a little look at the article below, it's very good and explains all the different security options really clearly:

https://sn-nerd.com/2025/06/09/is-records-hidden-by-security-constraints-still-a-thing-after-the-lat...

MarkBennettCC · ‎07-03-2025

Could you add "&& current.caller_id != gs.getUserID()" to your condition so it will not run if the caller is the current user