Allow Group Managers to Manage Group Members
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-16-2020 04:51 PM
Dear All,
Kindly note I've followed the below steps but still I'm unable to achieve my target to Allow Group Managers to Manage Group Members, even the admin is unable to edit the group members when we added "
https://www.servicenowguru.com/system-definition/group-managers-manage-group-members/
Please advise if there is an easier way to achieve this noting that I can't figure out the below link :
If it's the solution could you please elaborate more
how can I add this condition:
Group.Manager | is (dynamic) | Me
Thanks
- Labels:
-
Configuration Compliance
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-17-2020 12:00 AM
Hi,
Should I add user_admin role to the group manger?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-17-2020 04:29 PM
Hi Yaseen,
If you go to your application menu and write Debug,You will get a lot of Debug options, click on 'Enable all'
Now impersonate the profile you are testing with and go to the group of which the user is manager of - if you still don't see the edit option to add users to the group that means something is wrong with the Write and Create ACLs
You can check all the ACL restrictions in the Debug logs
Now You can see there are 4 circles for each ACL,
1. The 2nd Circle is for roles given in the ACL
2. 3rd Circle is for the Condition statement in the ACL
3. 4th Circle is the Script in the ACL
When you click on the record/sys_user_grmember/write, it will open the ACL, you can open the ACL and check for the roles/condition/script whichever is restricting the user to edit the table. In this way you would be able to edit the ACLs which are restricting the user.
Now in my case its working with the changes in ACLs
You don't need to give user_admin role separately, what you can do is remove the roles from the roles section and include that in the script-
if(gs.getUserID().hasRole('itil') || gs.getUserID().hasRole('user_admin'))
{
if(gs.getUserID()==current.group.manager )
{
answer=true;
}
else
{
var rmAPI = new SNC.RoleManagementAPI();
if (!rmAPI.isAllowedToGrantGroup(current.group))
answer = false;
else
answer = true;
}
}
If you see that your condition manager is dynamic me is giving you error while debugging then try and include the group manager is current user in your script-
if(gs.getUserID()==current.group.manager )
{
answer=true;
}
I think this time it will work out for you. 🙂
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-18-2020 05:01 AM
Dear kumamano
Many thanks for your response, but I'm totally confused I've tried to debug but didn't find an error.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-18-2020 10:35 AM
Dear kumamano,
Could we have a team viewer session to check case