How to make RITM variables editable only for users in a group mapped to the Catalog Item (manually)

LokeshwarRV
Tera Contributor

Hi Community,

I have a requirement related to controlling edit access to variables on the RITM (Requested Item) based on the Catalog Item and the logged‑in user’s group membership.

Requirement

  • I have multiple Catalog Items, and each Catalog Item is associated with a specific support group.
    • Example:
      • Catalog Item Test11 → Group Test1
      • Catalog Item Test22 → Group Test2
  • When an RITM is created:
    • Only users who belong to the group mapped to that Catalog Item should be able to edit variables on the Variables tab.
    • All other users should see the variables as read‑only.
  • This access control must be:
    • Checked per RITM
    • Based on the Catalog Item of the RITM
    • Not based on the RITM assignment_group

What I am looking for

  • A clean and supported approach to:
    • Check, on load of the RITM, whether the logged‑in user is part of the group mapped to that Catalog Item
    • Allow variable editing only for those users
    • Keep variables read‑only for everyone else
  • Guidance on:
    • Whether a Display Business Rule + g_scratchpad + Catalog Client Script is the correct approach
    • Best practices for using g_scratchpad to pass server‑side group membership checks to the client
    • Any caveats when using this approach on the RITM Variables editor

Brad Bowman
Kilo Patron

Variables on an RITM record are editable out of the box, so first you need to look at what is making those read-only in your instance. It should be a simple onLoad Client Script on the sc_req_item table with one line of code:

g_form.setVariablesReadOnly(true); 

The easiest thing to do then for these circumstances where you want the variables to be editable is to wrap this line in some if conditions with a GlideAjax call to a Script Include to evaluate the group membership.

VaishnaviK3009
Tera Guru

Hi @LokeshwarRV !!

 

Catalog Policies and ACLs cannot control edit access to variables on the RITM Variables editor, so the supported approach is to combine server-side evaluation with client-side enforcement.

The recommended design is:

Display Business Rule (server-side) → g_scratchpad → Catalog Client Script (onLoad)

 

1. Store Catalog Item → Group Mapping

Add a reference field on the Catalog Item, for example:

u_variable_edit_group (Reference → sys_user_group)
This keeps the logic catalog-item driven and avoids using assignment_group.

 

2. Display Business Rule (sc_req_item)

When: Display
Advanced: true

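(function executeRule(current, previous /*null when async*/) {

    // Default to read-only; g_scratchpad is supplied by the platform to Display rules
    g_scratchpad.canEditVariables = false;

    var catItemId = current.getValue('cat_item');
    if (!catItemId)
        return;

    // Load the Catalog Item this RITM was created from
    var catItemGR = new GlideRecord('sc_cat_item');
    if (!catItemGR.get(catItemId))
        return;

    // u_variable_edit_group is the custom reference field from step 1
    var editGroup = catItemGR.getValue('u_variable_edit_group');
    if (!editGroup)
        return;

    if (gs.getUser().isMemberOf(editGroup))
        g_scratchpad.canEditVariables = true;

})(current, previous);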

This ensures:

  • Group membership is checked securely on the server

  • The check is done per RITM

  • Logic is based on the Catalog Item

3. Catalog Client Script (onLoad – RITM)

function onLoad() {

    // Set by the Display Business Rule; anything other than true stays locked
    if (g_scratchpad.canEditVariables === true)
        return;

    // Same call as in the earlier reply: locks every variable in the editor
    g_form.setVariablesReadOnly(true);
}

This makes all variables read-only for unauthorized users.

 

Mark this as Helpful if it clarifies the issue.
Accept the solution if this answers your question.

Regards,
Vaishnavi
Associate Technical Consultant
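
The GlideAjax variant suggested in the first reply, using the u_variable_edit_group field from the second, as an added example that is not part of either post. GlideRecord, gs and the table rows are constructed stand-ins so the logic runs outside an instance; makeGs, canEditVariables and applyAnswer are hypothetical names.

```javascript
// Added example: constructed stand-ins for platform objects so this runs under Node.
// On an instance GlideRecord and gs are provided; table contents here are sample data.
var TABLES = {
  sc_req_item: { ritm1: { cat_item: 'item11' }, ritm2: { cat_item: 'item22' },
                 ritm3: { cat_item: 'item33' } },
  sc_cat_item: { item11: { u_variable_edit_group: 'grp_test1' },
                 item22: { u_variable_edit_group: 'grp_test2' },
                 item33: { u_variable_edit_group: '' } }   // no group mapped
};
function GlideRecord(table) { this.table = table; this.row = null; }
GlideRecord.prototype.get = function (id) {
  this.row = TABLES[this.table][id] || null;
  return this.row !== null;
};
GlideRecord.prototype.getValue = function (field) { return this.row[field] || null; };
// Hypothetical helper: a gs stand-in for a session user in the given groups.
function makeGs(groups) {
  return { getUser: function () {
    return { isMemberOf: function (g) { return groups.indexOf(g) !== -1; } };
  } };
}

// Server side: the check a Script Include method would run for the GlideAjax call.
// Only the RITM sys_id comes from the client; item and group are resolved here.
// Every missing piece returns 'false' (GlideAjax answers arrive as strings).
function canEditVariables(ritmSysId, gs) {
  var ritm = new GlideRecord('sc_req_item');
  if (!ritmSysId || !ritm.get(ritmSysId)) return 'false';
  var item = new GlideRecord('sc_cat_item');
  var itemId = ritm.getValue('cat_item');
  if (!itemId || !item.get(itemId)) return 'false';
  var group = item.getValue('u_variable_edit_group');
  if (!group) return 'false';
  return gs.getUser().isMemberOf(group) ? 'true' : 'false';
}

// Client side: the GlideAjax callback; anything other than 'true' locks the variables.
function applyAnswer(answer, g_form) {
  if (answer !== 'true') g_form.setVariablesReadOnly(true);
}
```

On an instance the body of canEditVariables would sit in a client-callable Script Include and applyAnswer in the onLoad callback. Both pieces only change what the form shows, so this is a UI restriction on the Variables editor.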