the logged-in user is a member of groups name contains "Nxt". allow to assign INC

varma2
Mega Sage

Hi All.

the logged-in user is a member of any group name contains "Nxt". If they are, then allow them to assign tickets to the following groups
AP-NTT-PS-Support , SAP-T-APO-Support , SAP-N-MII-Support
How can we achieve this trough ACL.

Please provide the some script to achieve this requirement.
 
Rgards
 
 
14 REPLIES 14

GlideFather
Tera Patron

Hi @varma2,

 

this Community is to for learning, not to ask others doing your job. Please show us what you have tried and where you got stuck and we will try to help you.

 

It is not fair to ask others "hey do this"... :)) please tell us what you tried and what are your struggles, this seems that you didn't even bother to start :((

———
/* If my response wasn’t a total disaster ↙️ drop a Kudos or Accept as Solution ↘️ Cheers! */


Viraj Hudlikar
Giga Sage

Hello @varma2 

 

A combination of Script Include and Write ACL for assignment group field will be good approach for you.
In script include place a logic to check if the logged-in user is a member of a group containing "Nxt" and ACL will be configured on the assignment_group field of the incident or sc_req_item etc., depending on what "tickets" refer to table, using the Script Include to determine if the user can assign to the specified groups.

Give a try with this logic.
If you are stuck with your script or something do share so we can guide.

 

If my response has helped you hit helpful button and if your concern is solved do mark my response as correct.

 

Thanks & Regards
Viraj Hudlikar.

Hello @Viraj Hudlikar ,

I have tried below script in ACL but its not working 

 (function() {
    // Define the allowed assignment groups
    var allowedGroups = [
        "SAP-T-PS-Support",
        "SAP-T-APO-Support",
        "SAP-T-MII-Support"
    ];

    // Check if the current user is part of any group with "Nxt" in the name
    var isUserInNxtGroup = false;
    var grMember = new GlideRecord("sys_user_grmember");
    grMember.addQuery("user", gs.getUserID());
    grMember.query();
    while (grMember.next()) {
        var group = grMember.getElement("group").getRefRecord();
        if (group && group.name.toLowerCase().includes("nxt")) {
            isUserInNxtGroup = true;
            break;
        }
    }

    // Deny if not part of a "Nxt" group
    if (!isUserInNxtGroup) {
        return false;
    }

    // If user is in a Nxt group, ensure they are setting an allowed assignment group
    if (current.assignment_group) {
        var assignedGroupName = current.assignment_group.getDisplayValue();
        return allowedGroups.indexOf(assignedGroupName) !== -1;
    }

    return false;
})();

Hello @varma2 

I have already told concept which should be followed where Script Include will do logic check and in ACL just see if user is part of that group or not.

so your "Write" ACL on "assignment group" field will have below script:

// Define the allowed groups by sys_id for better performance and reliability
// Replace with the actual sys_ids of your groups
var allowedGroups = [
    'sys_id_of_AP-NTT-PS-Support',
    'sys_id_of_SAP-T-APO-Support',
    'sys_id_of_SAP-N-MII-Support'
];

var isNxtMember = new global.NxtGroupChecker().isMemberOfNxtGroup();
var newAssignmentGroupSysId = current.assignment_group.toString(); // Sys_id of the group being assigned to
var newAssignmentGroupName = current.assignment_group.getDisplayValue(); // Name of the group being assigned to

// Default to false, allow access only if conditions are met
answer = false;

// Condition 1: If the user is NOT a member of any "Nxt" group,
// they should ONLY be able to assign to groups they are already a member of,
// or if the assignment_group is being cleared (empty).
if (!isNxtMember) {
    if (newAssignmentGroupSysId == '' || gs.getUser().isMemberOf(newAssignmentGroupSysId)) {
        answer = true;
    }
} else {
    // Condition 2: If the user IS a member of an "Nxt" group,
    // they can assign to the specific allowed groups OR any group they are a member of.
    if (allowedGroups.indexOf(newAssignmentGroupSysId) > -1 || gs.getUser().isMemberOf(newAssignmentGroupSysId)) {
        answer = true;
    }
}

 and script include will be something like below:

var NxtGroupChecker = Class.create();
NxtGroupChecker.prototype = {
    initialize: function() {
        // Constructor, if needed
    },

    /**
     * Checks if the current user is a member of any group whose name contains "Nxt".
     * @returns {boolean} True if the user is a member of such a group, false otherwise.
     */
    isMemberOfNxtGroup: function() {
        var user = gs.getUser();
        var isNxtGroupMember = false;

        // Get all groups the current user is a member of
        var grMember = new GlideRecord('sys_user_grmember');
        grMember.addQuery('user', user.getID());
        grMember.query();

        var groupNames = [];
        while (grMember.next()) {
            var groupGr = grMember.group.getRefRecord();
            if (groupGr.isValidRecord() && groupGr.name.toString().indexOf('Nxt') > -1) {
                isNxtGroupMember = true;
                break; // Found a matching group, no need to continue
            }
        }

        return isNxtGroupMember;
    },

    type: 'NxtGroupChecker'
};

 

If my response has helped you hit helpful button and if your concern is solved do mark my response as correct.

 

Thanks & Regards
Viraj Hudlikar.