How to write business rule to restrict the visibility access to records for users depending on the groups and roles
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-05-2021 06:05 AM
Hello,
I'm working on the VR items and I want to write the BR for the records to restrict the access of visibility for the records that are groups based on users and groups.
For eg: records only visible tot he users having access to specific group.
Any leads on this?
- Labels:
-
Vulnerability Response

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-05-2021 06:27 AM
Hello,
You'd want to consider looking in to a query business rule to intercept the user's query to the table and then either allow it or adjust it depending on their group membership.
This would be used to remove the "number of removed from this list by Security constraints" message, otherwise, out of box it already limits their vision.
You can look at the sys_user query BR: "user query" for an example, but script would be something like:
var isMember = gs.getUser().isMemberOf('Hardware'); //change Hardware to group name or sys_id
if (!isMember) {
current.addQuery('field', 'value');
}
Please mark reply as Helpful/Correct, if applicable. Thanks!
Please consider marking my reply as Helpful and/or Accept Solution, if applicable. Thanks!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-05-2021 06:59 AM
I have couple of groups and only 1 class to look for to match

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-05-2021 08:42 AM
Hi,
Not sure what you mean by class, but the script was given above?
You'd need to adjust it and it's recommended that you review resources to help the rest of the way. It's not beneficial to you to just have the entire script custom written for you.
An example of checking for a few groups (there's a few ways to do this, but example):
var isHardware = gs.getUser().isMemberOf('Hardware'); //change Hardware to group name or sys_id
var isSoftware = gs.getUser().isMemberOf('Software'); //change Software to group name or sys_id
if (!isHardware) {
current.addQuery('field', 'value');
}
if (!isSoftware) {
current.addQuery('field', 'value');
}
Please mark reply as Helpful/Correct, if applicable. Thanks!
Please consider marking my reply as Helpful and/or Accept Solution, if applicable. Thanks!

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-05-2021 06:29 AM