Should not allow to add ITIL or Admin roles to Contact users

Sarah Bouil
Tera Expert

If I try to add itil or admin role to Contact users, I want to abort the action. Kindly assist me.

16 REPLIES 16

Mark Manders
Mega Patron

Create a before business rule on the 'sys_user_has_role' table with an abort if the class of the user is contact and the role is itil or admin. 


Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark

Thank you for your quick reply. Also, I wante restrict from Group too. The ITIL or Admin role will inherited from groups also right?. Should restrict it. How to do that?

(function executeRule(current, previous /*null when async*/) {

    var gr = new GlideRecord('sys_user_group');
    gr.addQuery('sys_id', current.group);
    gr.query();
    if (gr.next()) {
        var roleQuery = gr.roles;
        roleQuery.addQuery('name', 'IN', 'itil,admin');
        roleQuery.query();
        if (roleQuery.hasNext()) {
            // Abort the insertion of the record
            current.setAbortAction(true);
    
        }
    }

})(current, previous);

For groups you can use a before business rule on the sys_user_grmember table. Trigger on user class = contact and use this script:

 

 


Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark

Hi Mark,

 

I tried above script but still I can be able to add itil or admin roles if the group contains that roles. I am not understanding what is the issue with above script?