Restrict read access to RITM variable content

RhianClarke
Tera Contributor

Hi, I have a requirement to restrict read access to one catalog item's variable contents. The catalog item needs to remain open for all users to write/complete & submit.

Once logged/completed, we need the variable contents to be only visible to one specific itil group. 

So far, using business rules to accomplish this has resulted in the catalog item variables disappearing for users who need to log the REQ, so not a suitable result. I believe the way to go is to use ACLs, however attempting to use ACLs has so far not worked for me, I've found the variables/variable contents aren't restricted.

Do I need to find the 'parent' AC that overall allows read access to all RITM variables, and amend it to exclude this one catalog item, or does my Access Control need some work/scripting?

 

The ACL I attempted:

Condition 1 - Item is '********'

Security Attribute Condition - Group is '**********'

 

I also tried:

Condition 1 - Item is '********'

Security Attribute Condition - Group Explicit is '**********'

6 REPLIES 6

Ankur Bawiskar
Tera Patron
Tera Patron

@RhianClarke 

why not have display BR on RITM table and check the group membership and then use onLoad client script to hide that variable?

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader

Josh Pirozzi
Kilo Sage

Hi @RhianClarke,

 

If you're looking to allow Write Access to a specific Variable, you can set those accesses on the Catalog Item. My suggestion would be to create a Role specifically for this purpose, add the Role to the Group(s) who will need to have Write access to the Variable(s) and then associate the new Role to the Variable directly on the Catalog Item.

 

Hope this helps!

Josh Pirozzi

RhianClarke
Tera Contributor

Thanks Ankur & Josh, in the end I resolved this with a new role and then used an on load script in Catalog Client Script to restrict the variables I needed to in the back-end, selecting 'Applies on Requested Items' and 'Applies on Catalog Tasks'

Hi Rhian,

 

 

We are migrating from BMC to Servicenow and completelynew to this space.


We are now have the same requriement. can u share the solution u implemented please.

 

Thanks in advance.