How to write business rule to restrict the visibility access to records for users depending on the groups and roles

Khyati Panchal1
Tera Contributor

Hello, 

I'm working on the VR items and I want to write the BR for the records to restrict the access of visibility for the records that are groups based on users and groups.

For e.g.: records only visible to the users having access to a specific group.

Any leads on this?


Allen Andreas
Administrator

Hello,

You'd want to consider looking into a query business rule to intercept the user's query to the table and then either allow it or adjust it depending on their group membership.

This would be used to remove the "number of removed from this list by Security constraints" message, otherwise, out of box it already limits their vision.

You can look at the sys_user query BR: "user query" for an example, but script would be something like:

var isMember = gs.getUser().isMemberOf('Hardware'); // change Hardware to group name or sys_id

if (!isMember) {
    current.addQuery('field', 'value');
}

Please mark reply as Helpful/Correct, if applicable. Thanks!



I have a couple of groups and only 1 class to look for to match

Hi,

Not sure what you mean by class, but the script was given above?

You'd need to adjust it and it's recommended that you review resources to help the rest of the way. It's not beneficial to you to just have the entire script custom written for you.

An example of checking for a few groups (there are a few ways to do this, but example):

var isHardware = gs.getUser().isMemberOf('Hardware'); // change Hardware to group name or sys_id
var isSoftware = gs.getUser().isMemberOf('Software'); // change Software to group name or sys_id

if (!isHardware) {
    current.addQuery('field', 'value');
}
if (!isSoftware) {
    current.addQuery('field', 'value');
}

Please mark reply as Helpful/Correct, if applicable. Thanks!

 


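Added example, not written by anyone in this thread: one way to handle the "couple of groups, one class" case with a single membership test, so a member of any listed group is left unfiltered and everyone else gets one extra condition. The group list, the field `sys_class_name` and the value `example_restricted_class` are placeholders, and `fakeGs` / `fakeCurrent` are hypothetical stand-ins for the platform's `gs` and `current` so the logic can be run outside an instance.

```javascript
// Placeholders: swap in your own group names (or sys_ids), field and value.
var ALLOWED_GROUPS = ['Hardware', 'Software'];
var RESTRICTED_FIELD = 'sys_class_name';            // assumed field to filter on
var RESTRICTED_VALUE = 'example_restricted_class';  // constructed placeholder value

// Body of a query business rule: adjusts the user's query before it runs.
function restrictByGroup(current, gs) {
    var user = gs.getUser();
    // One test across all groups: membership in ANY listed group is enough.
    var isMember = ALLOWED_GROUPS.some(function (group) {
        return user.isMemberOf(group);
    });
    if (!isMember) {
        // Non-members get a single condition that hides the restricted records.
        current.addQuery(RESTRICTED_FIELD, '!=', RESTRICTED_VALUE);
    }
    return isMember;
}

// --- Stand-ins for platform objects (not ServiceNow code) ---
function fakeGs(groups) {
    return {
        getUser: function () {
            return { isMemberOf: function (g) { return groups.indexOf(g) !== -1; } };
        }
    };
}
function fakeCurrent() {
    var conditions = [];
    return {
        addQuery: function (field, op, value) { conditions.push(field + op + value); },
        conditions: function () { return conditions.slice(); }
    };
}

// Returns the conditions the rule adds for a user in the given (constructed) groups.
function conditionsFor(groups) {
    var current = fakeCurrent();
    restrictByGroup(current, fakeGs(groups));
    return current.conditions();
}

console.log(conditionsFor(['Software']));  // member of one allowed group
console.log(conditionsFor(['Network']));   // member of no allowed group
```

Inside an instance, only the body of `restrictByGroup` goes into the business rule script, using the platform's own `current` and `gs`.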

Chris McDevitt
ServiceNow Employee

Hi, 

This is how VR works out of the box. By giving a user the ITIL role, they inherit the Remediation Owner role which restricts them to only see items assigned to their group.
