Restricted View for Project Managers

mianmubeen
Tera Contributor

‎03-29-2023 10:22 AM

We need to restrict project manager so that they can only view Projects created by them. For example If Steve and John both have it_project_manager role we want to restrict steve from viewing Project created by John. Similarly, we want to restrict Project_user to only view those projects in project workspace whom they have been assigned any project task. Currently they are able to view all projects in project workspace.

 

Using business rules we are able to achieve it in list view but need to make it work in workspace View.

0 Helpfuls
  • 981 Views
2 REPLIES 2

Linda_G
Kilo Sage

‎03-30-2023 08:40 AM

This link may be helpful, this is another post in the community.

 

https://www.servicenow.com/community/spm-forum/i-want-to-control-the-access-in-itbm/m-p/1027472

0 Helpfuls

Rajesh_Singh
Kilo Sage
Kilo Sage

‎03-30-2023 08:39 PM

@mianmubeen 

 

To restrict project managers and project users in the Project Workspace, you can use Access Control Rules (ACLs) in ServiceNow. You'll need to create separate ACLs for both it_project_manager and project_user roles.

  1. Restricting it_project_manager (Steve and John) Create a new access control rule by navigating to System Security > Access Control (ACL) > New. Fill in the fields as follows:
  • Type: Record
  • Operation: Read
  • Name: project
  • Advanced: Checked
  • Script:
    (function executeRule(current, previous /*null when async*/) {
    if (gs.hasRole('it_project_manager') && current.manager == gs.getUserID()) {
        return true;
    }
    return false;
})(current, previous);
​

Click on "Submit" to save the ACL.

This ACL ensures that users with the it_project_manager role can only view projects where they are listed as the manager.

  1. Restricting project_user Create another access control rule by navigating to System Security > Access Control (ACL) > New. Fill in the fields as follows:
  • Type: Record
  • Operation: Read
  • Name: project
  • Advanced: Checked
  • Script:
(function executeRule(current, previous /*null when async*/) {
    if (gs.hasRole('project_user')) {
        var taskGR = new GlideRecord('pm_project_task');
        taskGR.addQuery('assigned_to', gs.getUserID());
        taskGR.query();

        while (taskGR.next()) {
            if (taskGR.project == current.sys_id) {
                return true;
            }
        }
    }
    return false;
})(current, previous);

Click on "Submit" to save the ACL.

This ACL ensures that users with the project_user role can only view projects in the Project Workspace where they have been assigned a project task.

These two ACLs should restrict access in the workspace view, as well as the list view. Keep in mind that you may need to adjust the script slightly if your field names differ from the examples above.

If you found my response helpful or applicable, please consider marking it as correct or helpful to assist others who may be seeking the same information.

---------------
Regards,
Rajesh Singh