
Restrict access to RITM tickets and catalog tasks

Community Alums
Not applicable

We require the "Desktop support" group to have access to RITMs belonging to catalog items of a specific category. We are trying to achieve this with ACL, but it hides all RITMs.

 

Restrict access to RITM tickets and "Tasks included"

  • Users in the group
  • The user who created the ticket

2 ACCEPTED SOLUTIONS

Ankur Bawiskar
Tera Patron

@Community Alums 

So if the logged-in user belongs to Desktop Support, then show RITMs belonging to the particular catalog item.

If not, then show all.

Before query business rule on sc_req_item table

Condition:

gs.getUser().isMemberOf('Desktop Support') && gs.getSession().isInteractive()

Script:

(function executeRule(current, previous /*null when async*/ ) {
    // Get the current user's ID
    var userId = gs.getUserID();
    // Restrict access to RITMs belonging to catalog items of a specific category
    current.addQuery('cat_item.category', 'YOUR_CATEGORY_SYS_ID').addOrCondition('opened_by', userId); // Replace with your category sys_id
})(current, previous);

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader


Community Alums
Not applicable

Above answer worked with below changes

    var arr1 = [];
    var grRitm = new GlideRecord('sc_req_item');
    grRitm.addEncodedQuery('cat_item.category=675ba7fe3b275e10ed1ccaac24e45a9b^ORcat_item.category=0d4c2bb23b675e10ed1ccaac24e45a5f');

    grRitm.query();
    while (grRitm.next()) {
        arr1.push(grRitm.sys_id.toString()); // Store the sys_id of the RITM in the array
    }
    var reqFor = gs.getUserID();
    var currentUser = gs.getUser();

    // Check if the user is a member of the "People Solution Support" group
    if (currentUser.isMemberOf('People Solution Support')) {
        // If the user is a member, they can see everything, so do not filter
        gs.info('User is in the People Solution Support group: ' + reqFor);
    } else {
        // If the user is not in the group, filter out the RITMs from the results
        gs.info('User is NOT in the People Solution Support group: ' + reqFor);

        // Modify the query to hide RITMs for non-people solution support users
        //  var encodedQuery = 'sys_idNOT IN' + arr1.join(',');
        var encodedQuery = 'sys_idNOT IN' + arr1.join(',') + '^ORrequested_for=' + reqFor; // Filter by user who created the ticket
        current.addEncodedQuery(encodedQuery); // Adding this encoded query to current to filter records
    }

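To see which RITMs the query in the post above hides, the following added example (not part of the thread, and not ServiceNow code) rebuilds the same encoded query in plain JavaScript and evaluates it over constructed records. The evaluator, sample sys_ids, categories and users are assumptions for illustration; the evaluator is a simplified model that handles only `=`, `IN`, `NOT IN`, `^` and `^OR`.

```javascript
// Constructed sample data: sys_ids, categories and users are made up.
const RESTRICTED = ['cat_hr', 'cat_payroll'];
const RITMS = [
  { sys_id: 'r1', number: 'RITM0001', category: 'cat_hr', requested_for: 'alice' },
  { sys_id: 'r2', number: 'RITM0002', category: 'cat_laptop', requested_for: 'bob' },
  { sys_id: 'r3', number: 'RITM0003', category: 'cat_payroll', requested_for: 'bob' },
  { sys_id: 'r4', number: 'RITM0004', category: 'cat_laptop', requested_for: 'alice' },
];

// Mirrors the posted rule: group members get no filter (null); everyone else
// gets 'sys_idNOT IN<restricted RITMs>^ORrequested_for=<user>'.
function buildFilter(user, ritms) {
  if (user.groups.includes('People Solution Support')) return null;
  const ids = ritms.filter(r => RESTRICTED.includes(r.category)).map(r => r.sys_id);
  return 'sys_idNOT IN' + ids.join(',') + '^ORrequested_for=' + user.id;
}

// Simplified model (assumption): supports only '=', 'IN' and 'NOT IN'.
function evalCondition(record, term) {
  const m = /^(\w+?)(NOT IN|IN|=)(.*)$/.exec(term);
  if (!m) throw new Error('unsupported condition: ' + term);
  const [, field, op, value] = m;
  const actual = String(record[field]);
  if (op === '=') return actual === value;
  const inList = value.split(',').includes(actual);
  return op === 'IN' ? inList : !inList;
}

// '^' starts a new AND group; '^OR' adds an alternative to the previous group.
function matches(record, encoded) {
  const groups = [];
  for (const term of encoded.split('^')) {
    if (term.startsWith('OR') && groups.length) groups[groups.length - 1].push(term.slice(2));
    else groups.push([term]);
  }
  return groups.every(g => g.some(t => evalCondition(record, t)));
}

// RITM numbers the user would see in a list after the filter is applied.
function visibleTo(user, ritms) {
  const q = buildFilter(user, ritms);
  return ritms.filter(r => q === null || matches(r, q)).map(r => r.number);
}

const alice = { id: 'alice', groups: [] };
const bob = { id: 'bob', groups: [] };
const carol = { id: 'carol', groups: ['People Solution Support'] };
for (const u of [alice, bob, carol]) console.log(u.id, visibleTo(u, RITMS).join(','));
```

On the constructed data, the non-member alice still sees bob's RITM0002, because the posted query only hides RITMs in the restricted categories and leaves every other RITM visible to all users.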

6 REPLIES

Peruri sita
Tera Contributor

Hi Experts,

I have a similar requirement for a particular catalog item: restrict access to sc_request, sc_req_item and sc_task so that they are accessible only when the conditions below are met.

1. Only members of the catalog task assignment group should access sc_request, sc_req_item and sc_task.

2. There are some 50-plus assignment groups; they should also access sc_request, sc_req_item and sc_task.

3. Approvers of that catalog item should also access sc_request, sc_req_item and sc_task.

4. The opened-by user and the requested-for user should access the sc_request, sc_req_item and sc_task records.

Apart from the above conditions, no one should read the records of that item.