Allow approvers read access to restricted RITMs

Tracey6
Tera Contributor

Hello - Due to confidentiality reasons we have a few RITMs that have access restricted to specific groups only, i.e., Legal. Even users with ITIL and ADMIN roles are restricted. I was able to restrict the access with a Business Rule before query. However, some of the catalog requests require approval from the requestor's manager. How do I allow approvers to read and approve items they are responsible for approving? I'm fairly new to ServiceNow so any help you could provide is appreciated!

 


Niklas Peterson
Mega Sage

Hi @Tracey6 ,

If you restrict it with ACLs instead of BRs then it is fairly easy to set the conditions on who should have access and who should not. 

 

https://docs.servicenow.com/bundle/tokyo-platform-security/page/administer/contextual-security/conce... 

Regards,
Niklas

Jan Cernocky
Tera Guru

Hi Tracey,

For the before query BR you can utilize the logic in the script include ApproverUtils, specifically the method canApproversRead.

The same one is used in ACL for approvers.

Thank you, Jan. Below is the ApproverUtils script include and my BR. I'm not sure I understand what part of the script I would add to the BR?

 

Tracey6_1-1666063683799.png

 

 

Tracey6_0-1666063487517.png

 

The Before BR Query is table specific whereas the ApproverUtils() Script Include is record specific. 

Your implementation as well is sort of record specific, i.e., seeing if the record (single) viewer is an approver (single).

 

As mentioned earlier in the thread, you might want to use ACLs instead, as using BRs to perform record ACLs might be overengineering (in the wrong direction).
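
The table-level versus record-level distinction above, as an added example that was not posted by anyone in the thread: a before-query filter on sc_req_item that keeps restricted RITMs visible to their approvers by querying sysapproval_approver directly instead of calling ApproverUtils. Assumptions: restricted RITMs are identified by one catalog item (placeholder sys_id), the permitted group is named Legal, and `restrictRitmQuery` and `simulate` are hypothetical names; `simulate` only stands in for the Glide objects so the resulting filter can be inspected offline.

```javascript
// Added example, not code from the thread. Placeholders (assumptions):
var RESTRICTED_ITEM = '<restricted_cat_item_sys_id>'; // catalog item to hide
var ALLOWED_GROUP = 'Legal';                          // group that keeps access

// Before-query logic for sc_req_item. In the Business Rule script, call
// restrictRitmQuery(current, gs, GlideRecord).
function restrictRitmQuery(current, gs, GlideRecord) {
    if (gs.getUser().isMemberOf(ALLOWED_GROUP)) return; // no filter added
    // The rule runs once per table query, not per record, so collect every
    // task this user has an approval record for before building the filter.
    var approved = [];
    var appr = new GlideRecord('sysapproval_approver');
    appr.addQuery('approver', gs.getUserID());
    appr.query();
    while (appr.next()) {
        approved.push(appr.getValue('sysapproval'));
    }
    // Visible rows: not the restricted item, OR the user is an approver.
    var cond = current.addQuery('cat_item', '!=', RESTRICTED_ITEM);
    if (approved.length > 0) cond.addOrCondition('sys_id', 'IN', approved.join(','));
}

// Offline stand-ins for the Glide objects over constructed approval rows;
// returns the encoded-query style filter the rule would add.
function simulate(userId, groups, approvalRows) {
    var clauses = [];
    var gs = {
        getUserID: function () { return userId; },
        getUser: function () {
            return { isMemberOf: function (g) { return groups.indexOf(g) >= 0; } };
        }
    };
    function FakeGlideRecord() { this.rows = []; this.i = -1; }
    FakeGlideRecord.prototype.addQuery = function (field, value) {
        this.rows = approvalRows.filter(function (r) { return r[field] === value; });
    };
    FakeGlideRecord.prototype.query = function () {};
    FakeGlideRecord.prototype.next = function () { return ++this.i < this.rows.length; };
    FakeGlideRecord.prototype.getValue = function (f) { return this.rows[this.i][f]; };
    var current = {
        addQuery: function (f, op, v) {
            clauses.push(f + op + v);
            return { addOrCondition: function (f2, op2, v2) { clauses.push('^OR' + f2 + op2 + v2); } };
        }
    };
    restrictRitmQuery(current, gs, FakeGlideRecord);
    return clauses.join('');
}
```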