Show incidents assigned only to a specific group

New user1212
Tera Contributor

‎04-07-2024 11:18 PM

Hi.
I want to give users belonging to the XYZ group access to all requests and some incidents, but only to the group to which they belong. I added the roles sn_incident_read, sn_incident_write, sn_request_read, sn_request_write to the entire group, but I have to somehow limit the visibility to these specific group incidents.
ACL is not an option because developers do not get the admin_security role and I cannot create new ones.
I tried to create a BR, but after impersonating it as a user, I still have access to all incidents.
Any ideas?

Newuser1212_0-1712557004118.png

Newuser1212_1-1712557023499.png

 

0 Helpfuls
  • 866 Views
7 REPLIES 7

Dr Atul G- LNG
Tera Patron
Tera Patron

‎04-08-2024 12:12 AM

Hi @New user1212 

 

BR are not good option here, ACL is best and you can tell to client the benefits for same.

 

@Community Alums correct , If am I wrong.

*************************************************************************************************************
If my response proves useful, please indicate its helpfulness by selecting " Accept as Solution" and " Helpful." This action benefits both the community and me.

Regards
Dr. Atul G. - Learn N Grow Together
ServiceNow Techno - Functional Trainer
LinkedIn: https://www.linkedin.com/in/dratulgrover
YouTube: https://www.youtube.com/@LearnNGrowTogetherwithAtulG
Topmate: https://topmate.io/atul_grover_lng [ Connect for 1-1 Session]

****************************************************************************************************************
0 Helpfuls

tharun_kumar_m
Mega Guru
In response to Dr Atul G- LNG

‎04-08-2024 12:17 AM

Hi @Dr Atul G- LNG ,

 

There are situations where an incidents with specific assignment group(s) to restrict visibility only to it group members. Though this can be achieved using read ACLs, but it may force restricted users to get access through other read ACLs or OOB readACLs on that table.

Since it is not suggested to disable other ACLs, we can restrict incidents of specific group from visibility via before-query business rule.

 

If my answer has helped with your question, please mark my answer as accepted solution and give a thumbs up.

 

Best regards,

Tharun Kumar

Dr Atul G- LNG
Tera Patron
Tera Patron
In response to tharun_kumar_m

‎04-08-2024 12:20 AM

Thanks mate for update and clarification. Agree with you. 

*************************************************************************************************************
If my response proves useful, please indicate its helpfulness by selecting " Accept as Solution" and " Helpful." This action benefits both the community and me.

Regards
Dr. Atul G. - Learn N Grow Together
ServiceNow Techno - Functional Trainer
LinkedIn: https://www.linkedin.com/in/dratulgrover
YouTube: https://www.youtube.com/@LearnNGrowTogetherwithAtulG
Topmate: https://topmate.io/atul_grover_lng [ Connect for 1-1 Session]

****************************************************************************************************************
0 Helpfuls

tharun_kumar_m
Mega Guru

‎04-08-2024 12:14 AM

Hello mate,

 

In the "When to run" tab, instead of Insert and update, please select only the "query". 

Your code script should run on before query and not on on before insert/update.

 

If my answer has helped with your question, please mark my answer as accepted solution and give a thumbs up.

 

Best regards,

Tharun Kumar

0 Helpfuls