Copy Variables to SCTASK from RITM ignore permissions on RITM

dustinjones · ‎11-03-2023

Hello,

I have a catalog item with variables. The RITM is assigned to a group for tracking and several SCTASK's are created in a work flow with the "Create Catalog Task" Action. Each SCTASK is assigned to different groups. If the user isn't a member of the group associated with the RITM assignment group then they don't see any of the variables on the SCTASK added via the "create catalog task" action.

I am happy to rework this however but the goal is to have it so fulfillers can only see tickets if they are members of the assignment group, have SCTASKS created with variables from the RITM, allow fulfillers to see variables from RITM even if they don't have access to the RITM itself.

Thanks in advance

Brad Bowman · ‎11-03-2023

I'm a little uncertain about what you're trying to accomplish, or the things you've put into place so far. To be clear, by default the variables created in or assigned to a Catalog Item will be shown on the RITM form and whatever Catalog Tasks they are added to (select each variable at the bottom of the Create Catalog Task workflow activity). The variables don't belong to either record, so if a variable value is set/updated one place, the same value will be reflected wherever that variable is shown. In our case, we don't want variables to be updated on RITMs as this should be controlled at the Catalog Task level, so we have a blanket Client Script to make all variables read only on the sc_req_item table, and sometimes we have Catalog UI Policies to hide certain variables or variable sets on the Requested Item.

You can control read access to records on the sc_req_item table (RITMs) with an ACL or before query Business Rule.

dustinjones · ‎11-03-2023

Thanks. Everything you said is how I thought it worked but my experience at the moment is different. I do have a business rule that locks down visibility to sc_req_item to requestor, watchlist, assignee and assignement group. Other than that it should be default. But for some reason the variables are not visible to a user on the catalog task unless they are a member of the group associated to the RITM. As soon as I add them as a member of the group that is the assignment group of the ritm all the variables are then visible on the sctask.

"(select each variable at the bottom of the Create Catalog Task workflow activity)." - That is how I added the variables yes.

Hope that makes more sense

Marco0o1 · ‎11-03-2023

Hi @dustinjones ,

I think you are using scripting in your workflow when you tried to return the variables you can add this part to evaluate if the user is part of the group:

var sc_catTaskID = current.variables.scTask // This is the sys_id  of the scTask you want to acces

var sc_tasGR = new GliRecord("sc_task");
sc_taskGR.get(sc_catTaskID);

var catTaskGroupID = sc_taskGR.assignment_group // There is the actual group of your catalog task

var currentUser = gs.getUser();  // The sysId of the current user

var groupGR  = new GlideRecord("sys_user_grmember")
groupGR.addQuery("user", currentUser ); // filter your user log
groupGR.addQuery("group", catTaskGroupID); //filter your group catalog
groupGR.query();

if(groupGR .next()){
 //code..... if access here the user is member of the group
}

That is a example you need to reeplace with your code, if for example you are running a Catalog Client Script you would need to create a script include that return if your user is part of the group.

Hope that help you.

dustinjones · ‎11-03-2023

Thanks for the reply but not using any scripting in the flow. Just basic Flow designer using a create catalog task action, selected my catalog item under the Template Catalog section and selecting all the variables.