What's the purpose of the ServiceNow OOB Business Rule "incident query"?

Lisa71
Tera Contributor

What's the purpose of the ServiceNow OOB Business Rule "incident query"? We already have a read ACL and a report_view ACL to restrict users' access to the incident table's data, so why still have this BR? What are the use cases? If a user searches for an incident in the Service Portal, will the query BR impact them? Thanks.

BR's code is here for convenience: 

restrictIncidents();
function restrictIncidents() {
    if (!gs.hasRole("itil") && !gs.hasRole("sn_incident_read") && gs.isInteractive()) {
        //Do NOT restrict Incidents if user has the service_viewer role.
        if (gs.hasRole('service_viewer'))
            return;
        if (GlidePluginManager.isActive('sn_fsm_itsm_mng') && gs.hasRole('wm_ext_agent'))
            return;
        // STRY52118544: ham_user is added to support incident read for reporting on HAM store app
        if (GlidePluginManager.isActive('com.sn_hamp') && gs.hasRole('sn_hamp.ham_user')) {
            return;
        }
        // DEF0330091: Allow query on OT Incident with sn_ot_incident_read role
        if (GlidePluginManager.isActive('com.sn_ot_inc_mgmt') && gs.hasRole("sn_ot_incident_read"))
            return;

        // Responders should be able to access all incidents
        if (gs.hasRole("sn_sow_srm.srm_responder")) {
            return;
        }
           
        var u = gs.getUserID();
        current.addQuery("caller_id", u).addOrCondition("opened_by", u).addOrCondition("watch_list", "CONTAINS", u);
    }
}

Robbie
Kilo Patron

Hi @Lisa71,

Whilst I appreciate your direct question, I would steer you toward two relevant links which explain the difference and compare Before Query Business Rules vs ACLs. This will explain how they are used.

The 1st is a direct ServiceNow Support link:

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0859355

2nd, a community article (Kudos to @Tom Sienkiewicz) which may contradict the ServiceNow Support link, but provides a very good overview and comparison:

https://www.servicenow.com/community/developer-articles/query-business-rules-vs-acl-comparison/ta-p/...

To help others (or for me to help you more directly), please mark this response correct by clicking on Accept as Solution and/or Kudos.



Thanks, Robbie

Tom Sienkiewicz
Mega Sage

I think it is basically used as a blanket security feature. Maybe it doubles some of your ACLs but this makes sure the restrictions will always be applied on record level.

Since this will only run for interactive sessions, this Query BR should hopefully not affect any scripts running in your instance or API calls.

But I think this BR will also not run in Mobile apps, so make sure you do not rely on this Query BR but rather add necessary ACLs always.

GlideSystem method isInteractive() always returns 'false' when logged in using Mobile app. - Support...
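
The behaviour discussed in the replies above, as an added example that is not part of the original thread or ServiceNow's own code: it runs the core of the rule from the question against mock sessions to show that a non-interactive session gets no filter from this rule, so only ACLs restrict it. `mockGs`, `mockQuery`, `visibleIncidents` and the sample incidents are hypothetical stand-ins for `gs`, `current` and the incident table; the plugin-specific role checks are left out and `CONTAINS` is simplified to list membership.

```javascript
// Constructed sample data: three incidents and the users tied to each.
const INCIDENTS = [
  { number: 'INC0001', caller_id: 'alice', opened_by: 'bob',   watch_list: '' },
  { number: 'INC0002', caller_id: 'carol', opened_by: 'carol', watch_list: 'alice,dave' },
  { number: 'INC0003', caller_id: 'dave',  opened_by: 'bob',   watch_list: '' },
];

// Hypothetical stand-in for the platform's `gs` object (only the calls the BR uses).
function mockGs(session) {
  return {
    hasRole: (role) => session.roles.includes(role),
    isInteractive: () => session.interactive,
    getUserID: () => session.user,
  };
}

// Hypothetical stand-in for `current`: collects OR-ed conditions as predicates.
function mockQuery() {
  const ors = [];
  const add = (field, op, value) => {
    if (value === undefined) { value = op; op = '='; }
    ors.push(op === 'CONTAINS'
      ? (r) => r[field].split(',').includes(value) // simplified list membership
      : (r) => r[field] === value);
    return chain;
  };
  const chain = { addOrCondition: add };
  return {
    addQuery: add,
    run: (rows) => rows.filter((r) => ors.length === 0 || ors.some((p) => p(r))),
  };
}

// Core of the rule from the question (plugin-specific role checks omitted).
function restrictIncidents(gs, current) {
  if (!gs.hasRole('itil') && !gs.hasRole('sn_incident_read') && gs.isInteractive()) {
    if (gs.hasRole('service_viewer')) return;
    const u = gs.getUserID();
    current.addQuery('caller_id', u).addOrCondition('opened_by', u)
      .addOrCondition('watch_list', 'CONTAINS', u);
  }
}

// Returns the incident numbers the query would return for a given session.
function visibleIncidents(session) {
  const current = mockQuery();
  restrictIncidents(mockGs(session), current);
  return current.run(INCIDENTS).map((r) => r.number);
}
```

Calling `visibleIncidents` with the same user and roles but `interactive: false` returns every sample incident, which is the gap an ACL has to cover.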