Restrict access to RITM tickets and catalog tasks

Community Alums
Not applicable

We require the "Desktop support" group to have access to RITMs belonging to catalog items of a specific category. We are trying to achieve this with an ACL, but it hides all RITMs.

Restrict access to RITM tickets and "Tasks included"

  • Users in the group
  • The user who created the ticket
2 ACCEPTED SOLUTIONS

Ankur Bawiskar
Tera Patron

@Community Alums 

So if the logged-in user belongs to Desktop Support, then show RITMs belonging to the particular catalog item.

If not, then show all.

Before query business rule on sc_req_item table

Condition:

gs.getUser().isMemberOf('Desktop Support') && gs.getSession().isInteractive()

Script:

(function executeRule(current, previous /*null when async*/ ) {
    // Get the current user's ID
    var userId = gs.getUserID();
    // Restrict access to RITMs belonging to catalog items of a specific category
    current.addQuery('cat_item.category', 'YOUR_CATEGORY_SYS_ID').addOrCondition('opened_by', userId); // Replace with your category sys_id

})(current, previous);

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader


Community Alums
Not applicable

The above answer worked with the below changes:

    var arr1 = [];
    var grRitm = new GlideRecord('sc_req_item');
    grRitm.addEncodedQuery('cat_item.category=675ba7fe3b275e10ed1ccaac24e45a9b^ORcat_item.category=0d4c2bb23b675e10ed1ccaac24e45a5f');

    grRitm.query();
    while (grRitm.next()) {
        arr1.push(grRitm.sys_id.toString()); // Store the sys_id of the RITM in the array
    }
    var reqFor = gs.getUserID();
    var currentUser = gs.getUser();

    // Check if the user is a member of the "People Solution Support" group
    if (currentUser.isMemberOf('People Solution Support')) {
        // If the user is a member, they can see everything, so do not filter
        gs.info('User is in the People Solution Support group: ' + reqFor);
    } else {
        // If the user is not in the group, filter out the RITMs from the results
        gs.info('User is NOT in the People Solution Support group: ' + reqFor);

        // Modify the query to hide RITMs for non-people solution support users
        //  var encodedQuery = 'sys_idNOT IN' + arr1.join(',');
        var encodedQuery = 'sys_idNOT IN' + arr1.join(',') + '^ORrequested_for=' + reqFor; // Filter by user who created the ticket
        current.addEncodedQuery(encodedQuery); // Adding this encoded query to current to filter records
    }

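An added example, not code from the thread: the filter from the reply above, built as one encoded query on the category field instead of a list of every matching RITM sys_id, with the same rule evaluated over constructed records to check who sees what. The function names, users and RITM numbers are hypothetical; the category sys_ids are the ones posted above, and the example assumes `cat_item.categoryNOT IN` selects the same records as the thread's sys_id list.

```javascript
// Added example; function names are hypothetical, not ServiceNow APIs.
var SYS_ID = /^[0-9a-f]{32}$/;

// Filter applied to non-members: hide RITMs in the restricted categories
// unless the user is the requested_for. Anything that is not a sys_id is
// rejected, so a stray '^' cannot append conditions to the encoded query.
function buildRitmFilter(restrictedCategories, userId) {
    var ids = restrictedCategories.concat([userId]);
    for (var i = 0; i < ids.length; i++) {
        if (!SYS_ID.test(ids[i])) {
            throw new Error('not a sys_id: ' + ids[i]);
        }
    }
    return 'cat_item.categoryNOT IN' + restrictedCategories.join(',') +
        '^ORrequested_for=' + userId;
}

// The same rule evaluated locally, to check who ends up seeing which record.
function canSee(ritm, user, restrictedCategories, privilegedGroup) {
    if (user.groups.indexOf(privilegedGroup) !== -1) return true; // members: no filter
    if (ritm.requested_for === user.sys_id) return true;          // own request
    return restrictedCategories.indexOf(ritm.category) === -1;    // other categories
}

// Category sys_ids as posted in the reply above; users and RITMs are constructed.
var CATEGORIES = ['675ba7fe3b275e10ed1ccaac24e45a9b', '0d4c2bb23b675e10ed1ccaac24e45a5f'];
var member = { sys_id: 'a'.repeat(32), groups: ['People Solution Support'] };
var outsider = { sys_id: 'b'.repeat(32), groups: [] };
var ritms = [
    { number: 'RITM0000001', category: CATEGORIES[0], requested_for: 'c'.repeat(32) },
    { number: 'RITM0000002', category: CATEGORIES[1], requested_for: outsider.sys_id },
    { number: 'RITM0000003', category: 'd'.repeat(32), requested_for: 'c'.repeat(32) }
];

function visibleTo(user) {
    return ritms.filter(function (r) {
        return canSee(r, user, CATEGORIES, 'People Solution Support');
    }).map(function (r) { return r.number; });
}

console.log(visibleTo(member), visibleTo(outsider));
console.log(buildRitmFilter(CATEGORIES, outsider.sys_id));
```

In the business rule, the string returned by `buildRitmFilter` would be passed to `current.addEncodedQuery(...)` in the non-member branch.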

6 REPLIES

Peruri sita
Tera Contributor

Hi Experts

I have a similar requirement for a particular catalog item: restrict access to sc_request, sc_req_item and sc_task, which should only be accessible when the below conditions are met.

1. Only members of the catalog task assignment group should access the sc_request, sc_req_item, sc_task

2. There are some 50-plus assignment groups; they should also access sc_request, sc_req_item, sc_task

3. Approvers of that catalog item should also access sc_request, sc_req_item, sc_task

4. The opened-by user and the requested-for user should access the records sc_request, sc_req_item, sc_task

Apart from the above conditions, no one should read the records of that item.