VTB - Assignee cannot access their task unless a member of board

Go to solution
J_ Greene
Kilo Expert

‎08-20-2020 10:54 AM

I've created a freeform VTB and assigned a task to a user; however, I don't want that user to be a member of the board (just a task assignee). The user gets the notification that they have been assigned a task, however, they cannot access that task.

As an example, when they go to 'My Work' they do not see the assigned task until they are made a VTB member.

Seems counter intuitive that VTBTaskSecurity would restrict access to a task for an Assignee unless they had permission to the Card (which requires board membership)

This doesn't appear to be expected behavior.

Thoughts on best approach?

0 Helpfuls
  • 2,231 Views
1 ACCEPTED SOLUTION

Go to solution
J_ Greene
Kilo Expert
In response to Willem

‎08-24-2020 04:39 PM

Close - this was my initial approach, however, it doesn't satisfy the requirement fully. While the task is available on the 'My Work' list, the details of the task(s) are not accessible.

find_real_file.png

The following resolve the issue:

ACL = vtb_task (read)

answer = VTBTaskSecurity.canRead(current.sys_id)||current.assigned_to == gs.getUserID();

ACL = vtb_task (write)

answer = VTBTaskSecurity.canWrite(current.sys_id)||current.assigned_to == gs.getUserID();

ACL = vtb_task.* (read)

answer = VTBTaskSecurity.canRead(current.sys_id)||current.assigned_to == gs.getUserID();

ACL = vtb_task.* (write)

answer = VTBTaskSecurity.canWrite(current.sys_id)||current.assigned_to == gs.getUserID();

 

View solution in original post

Preview file
21 KB
Preview file
25 KB
0 Helpfuls
9 REPLIES 9

Go to solution
Ashley Snyder1
Giga Guru

‎08-20-2020 11:03 AM

Freeform boards use Private/Personal Tasks I believe, and do not reflect a task such as 'sc_task' in My Work by default. 

https://docs.servicenow.com/bundle/orlando-servicenow-platform/page/use/visual-task-boards/concept/c...

Here's a community blog that discusses more:

https://community.servicenow.com/community?id=community_question&sys_id=58ca836ddb5cdbc01dcaf3231f96...

"If the board is created by the user, he will be able to directly see the vtb_task records.

 

If the board is not created by user, but he comes in as collaborator and adds task, he will not be able to see the vtb_task record"

Go to solution
Willem
Giga Sage
Giga Sage

‎08-20-2020 11:03 AM

Hi,

 

It is. There is an ACL on the vtb_task table calling a script include with the following:

return this.isBoardMemberOf(boardRecord.sys_id);

 

So you need to be a member in order to see the vtb task

0 Helpfuls

Go to solution
Willem
Giga Sage
Giga Sage

‎08-20-2020 11:07 AM

The Security rule (ACL):

find_real_file.png

 

That script include checks access on the VTB card:

find_real_file.png

 

Which contains the "return this.isBoardMemberOf(boardRecord.sys_id);"

 

Preview file
17 KB
Preview file
41 KB
0 Helpfuls

Go to solution
Ashley Snyder1
Giga Guru
In response to Willem

‎08-20-2020 11:14 AM

Makes sense, by default the task is a "Private Task" only visible to you, the creator of the board and the task, unless, you allow someone else to view your board and therefore the tasks on it.  Which has less impact, changing the ACL for all Freeform boards in the future, or giving that particular user permission to view the board?

0 Helpfuls