Allow Group Managers to Manage Group Members

Yaseen2
Mega Expert

Dear All,

Kindly note I've followed the below steps but still I'm unable to achieve my target to Allow Group Managers to Manage Group Members, even the admin is unable to edit the group members when we added "find_real_file.png

https://www.servicenowguru.com/system-definition/group-managers-manage-group-members/

Please advise if there is an easier way to achieve this noting that I can't figure out the below link :

https://community.servicenow.com/community?id=community_question&sys_id=ed71cb29db98dbc01dcaf3231f96...

If it's the solution could you please elaborate more

how can  I add this condition:

Group.Manager | is (dynamic) | Me

 

Thanks

 

13 REPLIES 13

Hi,

Should I add user_admin role to the group manger?

Hi Yaseen,

 

If you go to your application menu and write Debug,You will get a lot of Debug options, click on 'Enable all'

Now impersonate the profile you are testing with and go to the group of which the user is manager of - if you still don't see the edit option to add users to the group that means something is wrong with the Write and Create ACLs

You can check all the ACL restrictions in the Debug logs

find_real_file.png

Now You can see there are 4 circles for each ACL,

1. The 2nd Circle is for roles given in the ACL

2. 3rd Circle is for the Condition statement in the ACL

3. 4th Circle is the Script in the ACL

 

When you click on the  record/sys_user_grmember/write, it will open the ACL, you can open the ACL and check for the roles/condition/script whichever is restricting the user to edit the table. In this way you would be able to edit the ACLs which are restricting the user.

Now in my case its working with the changes in ACLs

find_real_file.png

You don't need to give user_admin role separately, what you can do is remove the roles from the roles section and include that in the script-

if(gs.getUserID().hasRole('itil') || gs.getUserID().hasRole('user_admin'))
{
if(gs.getUserID()==current.group.manager )
{
answer=true;
}
else
{
var rmAPI = new SNC.RoleManagementAPI();
if (!rmAPI.isAllowedToGrantGroup(current.group))
answer = false;
else
answer = true;
}
}

If you see that your condition manager is dynamic me is giving you error while debugging then try and include the group manager is current user in your script-

if(gs.getUserID()==current.group.manager )
{
answer=true;
}

I think this time it will work out for you. 🙂

Dear  kumamano

Many thanks for your response, but I'm totally confused I've tried to debug but didn't find an error. 

Dear kumamano,

Could we have a team viewer session to check case