Restrict access to RITM tickets and catalog tasks

Community Alums
Not applicable

We require the "Desktop support" group to have access to RITMs belonging to catalog items of a specific category. We are trying to achieve this with ACL, but it hides all RITMs.

 

Restrict access to RITM tickets and  "Tasks included" 

  • Users in the group
  • The user who created the ticket
2 ACCEPTED SOLUTIONS

Ankur Bawiskar
Tera Patron
Tera Patron

@Community Alums 

so if logged in user belongs to Desktop support then show RITM belonging to particular catalog item

If not then show all

Before query business rule on sc_req_item table

Condition:

gs.getUser().isMemberOf('Desktop Support') && gs.getSession().isInteractive()

Script:

(function executeRule(current, previous /*null when async*/ ) {
    // Get the current user's ID
    var userId = gs.getUserID();
        // Restrict access to RITMs belonging to catalog items of a specific category
        current.addQuery('cat_item.category', 'YOUR_CATEGORY_SYS_ID').addOrCondition('opened_by', userId); // Replace with your category sys_id

})(current, previous);

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader

View solution in original post

Community Alums
Not applicable

Above answer worked with below changes

 var arr1 = [];
    var grRitm = new GlideRecord('sc_req_item');
grRitm.addEncodedQuery('cat_item.category=675ba7fe3b275e10ed1ccaac24e45a9b^ORcat_item.category=0d4c2bb23b675e10ed1ccaac24e45a5f');

    grRitm.query();
    while (grRitm.next()) {
        arr1.push(grRitm.sys_id.toString()); // Store the sys_id of the RITM in the array
    }
    var reqFor = gs.getUserID();
    var currentUser = gs.getUser();

    // Check if the user is a member of the "People Solution Support" group
    if (currentUser.isMemberOf('People Solution Support')) {
        // If the user is a member, they can see everything, so do not filter
        gs.info('User is in the People Solution Support group: ' + reqFor);
    } else {
        // If the user is not in the group, filter out the RITMs from the results
        gs.info('User is NOT in the People Solution Support group: ' + reqFor);

        // Modify the query to hide RITMs for non-people solution support users
        //  var encodedQuery = 'sys_idNOT IN' + arr1.join(',');
        var encodedQuery = 'sys_idNOT IN' + arr1.join(',') + '^ORrequested_for=' + reqFor; // Filter by user who created the ticket  
        current.addEncodedQuery(encodedQuery); // Adding this encoded query to current to filter records

View solution in original post

6 REPLIES 6

Sourabh Tarlekr
Kilo Sage

Hi @Community Alums 

 

You can use before Query Business Rule to achieve this. add when to run qualification as per requirement.

You can use script something like below to achieve this.

 

 

current.addQuery('opened_by',gs.getUserID()).addOrCondition('assignment_group','8a5055c9c61122780043563ef53438e3');

 

 

You can add record in sys_properties form of the group record as per best practices.

 

Regards,

Sourabh

Ankur Bawiskar
Tera Patron
Tera Patron

@Community Alums 

so if logged in user belongs to Desktop support then show RITM belonging to particular catalog item

If not then show all

Before query business rule on sc_req_item table

Condition:

gs.getUser().isMemberOf('Desktop Support') && gs.getSession().isInteractive()

Script:

(function executeRule(current, previous /*null when async*/ ) {
    // Get the current user's ID
    var userId = gs.getUserID();
        // Restrict access to RITMs belonging to catalog items of a specific category
        current.addQuery('cat_item.category', 'YOUR_CATEGORY_SYS_ID').addOrCondition('opened_by', userId); // Replace with your category sys_id

})(current, previous);

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader

@Community Alums 

Hope you are doing good.

Did my reply answer your question?

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader

Community Alums
Not applicable

Above answer worked with below changes

 var arr1 = [];
    var grRitm = new GlideRecord('sc_req_item');
grRitm.addEncodedQuery('cat_item.category=675ba7fe3b275e10ed1ccaac24e45a9b^ORcat_item.category=0d4c2bb23b675e10ed1ccaac24e45a5f');

    grRitm.query();
    while (grRitm.next()) {
        arr1.push(grRitm.sys_id.toString()); // Store the sys_id of the RITM in the array
    }
    var reqFor = gs.getUserID();
    var currentUser = gs.getUser();

    // Check if the user is a member of the "People Solution Support" group
    if (currentUser.isMemberOf('People Solution Support')) {
        // If the user is a member, they can see everything, so do not filter
        gs.info('User is in the People Solution Support group: ' + reqFor);
    } else {
        // If the user is not in the group, filter out the RITMs from the results
        gs.info('User is NOT in the People Solution Support group: ' + reqFor);

        // Modify the query to hide RITMs for non-people solution support users
        //  var encodedQuery = 'sys_idNOT IN' + arr1.join(',');
        var encodedQuery = 'sys_idNOT IN' + arr1.join(',') + '^ORrequested_for=' + reqFor; // Filter by user who created the ticket  
        current.addEncodedQuery(encodedQuery); // Adding this encoded query to current to filter records