Thank you for your quick reply. Also I want restrict from Group too. The ITIL or Admin role will inherit from group also right. Should restrict it. How to do that?

Hi @Sarah Bouil 

You can use advance script section as well to add condition to check if user is member of particular group or not

gs.getUser().isMemberOf('<add you group name'>)

Then in business rule script section use

current.setAbortAction(true);

This will definitely helps you to resolved your issue. Let me know in case you need to understand the flow or you can DM on LinkedIn.

If this solution resolves your query, kindly mark it as the accepted solution and give it a thumbs up.

Best Regards,
Krushna Birla

<add you group name> I can add if it's a one group. But it should be verify dynamically. I should not hordcoded the group name. There might be many groups which contains ITIL right.

I dont think you need to think of groups here. Just by adding roles in condition as said earlier this will fulfil your requirement. As script will validate for only those user having role in itil and admin no matter which group user is part of.

I would say, please try previous solution once and check for different users. It should work.

This will definitely helps you to resolved your issue. Let me know in case you need to understand the flow or you can DM on LinkedIn.

If this solution resolves your query, kindly mark it as the accepted solution and give it a thumbs up.

Best Regards,
Krushna Birla