Find your people. Pick a challenge. Ship something real. The CreatorCon Hackathon is coming to the Community Pavilion for one epic night. Every skill level, every role welcome. Join us on May 5th and learn more here.

Business rule query

Merza Lyn
Giga Guru

‎03-10-2025 06:11 PM

We created a business rule to restrict Risk and Risk acceptance task to search if logged in user is not the same as the owner and assigned_to.

 

sn_risk_risk - Owner

(function executeRule(current, previous /*null when async*/) {
   // Allow admins and users with specific roles to bypass the restriction
   if (gs.hasRole('admin') || gs.hasRole('sn_risk.global_manager') || gs.hasRole('sn_grc.admin')) {
       return;
   }

   var user = gs.getUser();
   var userRecord = new GlideRecord('sys_user');

   if (userRecord.get(user.getID())) {
       var userCountry = userRecord.location.country;

       // If user's country is defined, filter the query
       if (userCountry) {
           // Add condition: Owner's country must match user's country
           current.addQuery('owner.location.country', userCountry);
       } else {
           // If user has no country, restrict all records
           current.addQuery('sys_id', '');
       }
   } else {
       // If user record not found, restrict all records
       current.addQuery('sys_id', '');
   }
})(current, previous);

 

sn_risk_acceptance_task

(function executeRule(current, previous /*null when async*/) {
   // Allow admins and users with specific roles to bypass the restriction
   if (gs.hasRole('admin') || gs.hasRole('sn_risk.global_manager') || gs.hasRole('sn_grc.admin')) {
       return;
   }
   var user = gs.getUser();
   var userRecord = new GlideRecord('sys_user');
   if (userRecord.get(user.getID())) {
       var userCountry = userRecord.location.country;
       // If user's country is defined, filter the query
       if (userCountry) {
           // Add condition: Owner's country must match user's country for the task
           current.addQuery('assigned_to.location.country', userCountry);
       } else {
           // If user has no country, restrict all records
           current.addQuery('sys_id', '');
       }
       // Check if the risk acceptance task has an associated parent risk
       if (current.risk) {
           var parentRisk = new GlideRecord('sn_risk_risk');
           if (parentRisk.get(current.risk)) {
               // If the parent risk exists and has an owner
               var parentRiskOwnerCountry = parentRisk.owner.location.country;
               // If the parent risk owner is from a different country, allow access to the task
               if (parentRiskOwnerCountry !== userCountry) {
                   // Allow access to the risk task even if country mismatch exists
                   current.addQuery('sys_id', current.sys_id);  // Ensure the task remains accessible
               }
           }
       }
   } else {
       // If user record not found, restrict all records
       current.addQuery('sys_id', '');
   }
})(current, previous);

 

However, there are cases that when the Owner of the Risk assigned the risk acceptance task to user that located in other country. So the assigned_to cannot view the Parent risk.

 

Sample this Risk.

Owner is from Korea

MerzaLyn_2-1741655320704.png

 

And the risk acceptance task is assigned to Scott that is located in the US.

MerzaLyn_3-1741655348550.png

So Scott cannot view the parent risk because him and the owner are not in the same country.

MerzaLyn_4-1741655430555.png

How can I exempt that case in my BRs?

0 Helpfuls
  • 1,952 Views
13 REPLIES 13

Medi C
Giga Sage
In response to Merza Lyn

‎03-10-2025 08:27 PM - edited ‎03-10-2025 08:27 PM

Hi @Merza Lyn,

 

could you please check the technical names on the risk task table and adjust accordingly in the second script I have provided in the query, this is the line that needs to be adjusted:

 

assigned_to should be replaced with the technical name of field “Site Risk Manager”

risk should be replaced with technical name of Risk

 

taskGR.addEncodedQuery('assigned_to=' + user.getID() + '^risk=' + current.sys_id);

 

 


Thanks & Best regards,
Medi

0 Helpfuls

Medi C
Giga Sage
In response to Medi C

‎03-10-2025 08:29 PM

There was also a typo (missing “=“) 

it should be in this format (please double check the technical names from the risk task table):

taskGR.addEncodedQuery('assigned_to=' + user.getID() + '^risk=' + current.sys_id);

 


Thanks & Best regards,
Medi

0 Helpfuls

Medi C
Giga Sage
In response to Medi C

‎03-11-2025 07:26 AM

@Merza Lyn 

I hope you are doing well! Did it work?


Thanks & Best regards,
Medi

0 Helpfuls

Merza Lyn
Giga Guru
In response to Medi C

‎03-11-2025 08:13 PM

Hi @Medi C 

No, it did not work.

0 Helpfuls

Merza Lyn
Giga Guru
In response to Medi C

‎03-10-2025 08:33 PM

Hello @Medi C 

 

This one?

 

MerzaLyn_2-1741663991893.pngMerzaLyn_3-1741664014706.png

 

 

0 Helpfuls