Restrict access to RITM tickets and catalog tasks

Community Alums · ‎02-20-2025

We require the "Desktop support" group to have access to RITMs belonging to catalog items of a specific category. We are trying to achieve this with ACL, but it hides all RITMs.

Restrict access to RITM tickets and "Tasks included"

Users in the group
The user who created the ticket

Ankur Bawiskar · ‎02-20-2025

@Community Alums

so if logged in user belongs to Desktop support then show RITM belonging to particular catalog item

If not then show all

Before query business rule on sc_req_item table

Condition:

gs.getUser().isMemberOf('Desktop Support') && gs.getSession().isInteractive()

Script:

(function executeRule(current, previous /*null when async*/ ) {
    // Get the current user's ID
    var userId = gs.getUserID();
        // Restrict access to RITMs belonging to catalog items of a specific category
        current.addQuery('cat_item.category', 'YOUR_CATEGORY_SYS_ID').addOrCondition('opened_by', userId); // Replace with your category sys_id

})(current, previous);

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader

View solution in original post

Community Alums · ‎02-25-2025

Above answer worked with below changes

var arr1 = [];

var grRitm = new GlideRecord('sc_req_item');

grRitm.addEncodedQuery('cat_item.category=675ba7fe3b275e10ed1ccaac24e45a9b^ORcat_item.category=0d4c2bb23b675e10ed1ccaac24e45a5f');

grRitm.query();

while (grRitm.next()) {

arr1.push(grRitm.sys_id.toString()); // Store the sys_id of the RITM in the array

}

var reqFor = gs.getUserID();

var currentUser = gs.getUser();

// Check if the user is a member of the "People Solution Support" group

if (currentUser.isMemberOf('People Solution Support')) {

// If the user is a member, they can see everything, so do not filter

gs.info('User is in the People Solution Support group: ' + reqFor);

} else {

// If the user is not in the group, filter out the RITMs from the results

gs.info('User is NOT in the People Solution Support group: ' + reqFor);

// Modify the query to hide RITMs for non-people solution support users

// var encodedQuery = 'sys_idNOT IN' + arr1.join(',');

var encodedQuery = 'sys_idNOT IN' + arr1.join(',') + '^ORrequested_for=' + reqFor; // Filter by user who created the ticket

current.addEncodedQuery(encodedQuery); // Adding this encoded query to current to filter records

View solution in original post

Sourabh Tarlekr · ‎02-20-2025

Hi @Community Alums

You can use before Query Business Rule to achieve this. add when to run qualification as per requirement.

You can use script something like below to achieve this.

current.addQuery('opened_by',gs.getUserID()).addOrCondition('assignment_group','8a5055c9c61122780043563ef53438e3');

You can add record in sys_properties form of the group record as per best practices.

Regards,

Sourabh

Ankur Bawiskar · ‎02-20-2025

@Community Alums

so if logged in user belongs to Desktop support then show RITM belonging to particular catalog item

If not then show all

Before query business rule on sc_req_item table

Condition:

gs.getUser().isMemberOf('Desktop Support') && gs.getSession().isInteractive()

Script:

(function executeRule(current, previous /*null when async*/ ) {
    // Get the current user's ID
    var userId = gs.getUserID();
        // Restrict access to RITMs belonging to catalog items of a specific category
        current.addQuery('cat_item.category', 'YOUR_CATEGORY_SYS_ID').addOrCondition('opened_by', userId); // Replace with your category sys_id

})(current, previous);

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader

Ankur Bawiskar · ‎02-23-2025

@Community Alums

Hope you are doing good.

Did my reply answer your question?

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader

Community Alums · ‎02-25-2025

Above answer worked with below changes

var arr1 = [];

var grRitm = new GlideRecord('sc_req_item');

grRitm.addEncodedQuery('cat_item.category=675ba7fe3b275e10ed1ccaac24e45a9b^ORcat_item.category=0d4c2bb23b675e10ed1ccaac24e45a5f');

grRitm.query();

while (grRitm.next()) {

arr1.push(grRitm.sys_id.toString()); // Store the sys_id of the RITM in the array

}

var reqFor = gs.getUserID();

var currentUser = gs.getUser();

// Check if the user is a member of the "People Solution Support" group

if (currentUser.isMemberOf('People Solution Support')) {

// If the user is a member, they can see everything, so do not filter

gs.info('User is in the People Solution Support group: ' + reqFor);

} else {

// If the user is not in the group, filter out the RITMs from the results

gs.info('User is NOT in the People Solution Support group: ' + reqFor);

// Modify the query to hide RITMs for non-people solution support users

// var encodedQuery = 'sys_idNOT IN' + arr1.join(',');

var encodedQuery = 'sys_idNOT IN' + arr1.join(',') + '^ORrequested_for=' + reqFor; // Filter by user who created the ticket

current.addEncodedQuery(encodedQuery); // Adding this encoded query to current to filter records