Join the #BuildWithBuildAgent Challenge! Get recognized, earn exclusive swag, and inspire the ServiceNow Community with what you can build using Build Agent.  Join the Challenge.

This UI should access to sn_change group members

Purushotham1992
Tera Contributor

3 weeks ago

Hi,

This UI should access to sn_change group members and remaining all should be read only 

cab workbench->Calendar  
this calendar should read only to all

Preview file
32 KB
0 Helpfuls
  • 400 Views
3 REPLIES 3

Anupam1
Mega Guru

3 weeks ago

Hi @Purushotham1992 ,

 

To make the CAB Workbench Calendar read-only for all users except members of the sn_change group in ServiceNow, you’ll want to apply a combination of ACLs (Access Control Rules) and UI Policy or Client Script restrictions depending on how the calendar is rendered. Here's a structured approach:

 

Step 1: Restrict Write Access via ACL

Create an ACL on the relevant table or UI page that powers the CAB calendar (likely cab_workbench_calendar or a related custom table):

  • Type: Record ACL
  • Operation: write
  • Table: cab_workbench_calendar (or the actual table used)
  • Condition: gs.hasRole('sn_change')
  • Script (if needed):
  • answer = gs.getUser().isMemberOf('sn_change');

This ensures only sn_change group members can modify calendar entries.

 

Step 2: Make Calendar UI Read-Only for Others

If the calendar is rendered via a UI Page, Widget, or Form, apply one of the following:

Option A: UI Policy (for Forms)

  • Set all editable fields to read-only when the user is not in sn_change.

Option B: Client Script (for Widgets or Custom UI)

if (!gs.getUser().isMemberOf('sn_change')) {

  // Disable calendar interaction

  g_form.setReadOnly('calendar_field', true); // if it's a form field

  // Or use DOM manipulation if it's a widget

}

 

Step 3: Restrict CAB Workbench Access (Optional)

If you want to restrict access to the entire CAB Workbench, not just the calendar:

  • Apply a Role requirement on the CAB Workbench module:
    • Navigate to Application Navigator > System Definition > Modules
    • Find CAB Workbench
    • Add sn_change to the Roles field

This hides the module from users outside the group.

 

Final Check

  • Test with a user in and outside the sn_change group.
  • Confirm that non-members can view but not edit calendar entries.
  • Ensure no unintended access is granted via other roles like admin.

 

 

If my response helped please mark it correct and close the thread so that it benefits future readers.

 

Thanks,

Anupam.

0 Helpfuls

Purushotham1992
Tera Contributor
In response to Anupam1

3 weeks ago

Hi @Anupam1 

 

Purushotham1992_0-1762405875594.png

 

This is cab workbench , this page calendar unable to fetch the table details, there is no table name with calendar 
Wrote ACL on cab_meeting table but not working  

 

Thanks in advance

0 Helpfuls

Anupam1
Mega Guru
In response to Purushotham1992

3 weeks ago

Hi @Purushotham1992 ,

 

CAB Workbench Calendar in ServiceNow is not directly tied to a single table like cab_meeting. Instead, it's a custom UI component (often a widget or UI page) that aggregates data from multiple sources, including change_request, cab_meeting, and possibly change_task.

Here’s how you can troubleshoot and enforce read-only behavior even when the calendar doesn’t expose a direct table:

 

Strategy to Restrict CAB Workbench Calendar Access

  1. Understand the Rendering Mechanism
  • The calendar is likely rendered via a custom widget or UI page.
  • It may use GlideAjax or REST APIs to fetch data from multiple tables.
  • Use Developer Tools (F12) in the browser to inspect network calls when the calendar loads. Look for:
    • API endpoints (e.g., /api/now/table/change_request)
    • Script includes or widgets that fetch calendar events
  1. Apply ACLs on Underlying Tables

Even if the calendar doesn’t expose a direct table, it pulls data from these:

  • TablePurposeACL Needed
    change_requestChange records shown on calendarread ACL
    cab_meetingCAB meeting metadataread ACL
    change_taskTasks linked to changesread ACL
  •  
  • For each table, ensure:
  • answer = gs.getUser().isMemberOf('sn_change');

is used for write, create, and delete ACLs.

  • For read ACLs, allow broader access if you want visibility but no edit rights.
  1. Restrict Widget Interactivity

If the calendar is a widget:

  • Open the widget in Service Portal > Widgets.
  • In the Server Script, check group membership:
  • data.isEditor = gs.getUser().isMemberOf('sn_change');
  • In the Client Controller, disable interactivity:
  • if (!data.isEditor) {
  •   // Disable drag/drop, hide buttons
  • }
  1. Restrict CAB Workbench Access (Optional)
  • Navigate to System Definition > Modules
  • Find CAB Workbench
  • Add sn_change to the Roles field
  • This hides the module from non-members

 

Final Validation

User Type

Calendar Visibility

Edit Capability

sn_change member

 Yes

 Yes

Non-member

 Yes

 No

Admin

Depends on ACL bypass settings—test explicitly

 

 

If my response helped please mark it correct and close the thread so that it benefits future readers.

 

Thanks,

Anupam.

0 Helpfuls