Business rule query

Merza Lyn
Mega Guru

We created a business rule to restrict Risk and Risk acceptance task to search if logged in user is not the same as the owner and assigned_to.

 

sn_risk_risk - Owner

(function executeRule(current, previous /*null when async*/) {
   // Allow admins and users with specific roles to bypass the restriction
   if (gs.hasRole('admin') || gs.hasRole('sn_risk.global_manager') || gs.hasRole('sn_grc.admin')) {
       return;
   }

   var user = gs.getUser();
   var userRecord = new GlideRecord('sys_user');

   if (userRecord.get(user.getID())) {
       var userCountry = userRecord.location.country;

       // If user's country is defined, filter the query
       if (userCountry) {
           // Add condition: Owner's country must match user's country
           current.addQuery('owner.location.country', userCountry);
       } else {
           // If user has no country, restrict all records
           current.addQuery('sys_id', '');
       }
   } else {
       // If user record not found, restrict all records
       current.addQuery('sys_id', '');
   }
})(current, previous);

 

sn_risk_acceptance_task

(function executeRule(current, previous /*null when async*/) {
   // Allow admins and users with specific roles to bypass the restriction
   if (gs.hasRole('admin') || gs.hasRole('sn_risk.global_manager') || gs.hasRole('sn_grc.admin')) {
       return;
   }
   var user = gs.getUser();
   var userRecord = new GlideRecord('sys_user');
   if (userRecord.get(user.getID())) {
       var userCountry = userRecord.location.country;
       // If user's country is defined, filter the query
       if (userCountry) {
           // Add condition: Owner's country must match user's country for the task
           current.addQuery('assigned_to.location.country', userCountry);
       } else {
           // If user has no country, restrict all records
           current.addQuery('sys_id', '');
       }
       // Check if the risk acceptance task has an associated parent risk
       if (current.risk) {
           var parentRisk = new GlideRecord('sn_risk_risk');
           if (parentRisk.get(current.risk)) {
               // If the parent risk exists and has an owner
               var parentRiskOwnerCountry = parentRisk.owner.location.country;
               // If the parent risk owner is from a different country, allow access to the task
               if (parentRiskOwnerCountry !== userCountry) {
                   // Allow access to the risk task even if country mismatch exists
                   current.addQuery('sys_id', current.sys_id);  // Ensure the task remains accessible
               }
           }
       }
   } else {
       // If user record not found, restrict all records
       current.addQuery('sys_id', '');
   }
})(current, previous);

 

However, there are cases that when the Owner of the Risk assigned the risk acceptance task to user that located in other country. So the assigned_to cannot view the Parent risk.

 

Sample this Risk.

Owner is from Korea

MerzaLyn_2-1741655320704.png

 

And the risk acceptance task is assigned to Scott that is located in the US.

MerzaLyn_3-1741655348550.png

So Scott cannot view the parent risk because him and the owner are not in the same country.

MerzaLyn_4-1741655430555.png

How can I exempt that case in my BRs?

13 REPLIES 13

Hi @Merza Lyn ,

Correct, please double check the techincal name of the risk field as well and correct the typo in the script as well.

 

It should be:

taskGR.addEncodedQuery('assigned_to=' + user.getID() + '^risk=' + current.sys_id);

instead of:

taskGR.addEncodedQuery('assigned_to', user.getID() + '^risk=' + current.sys_id);

 


If you found this helpful, please hit the thumbs-up button and mark as correct. That helps others find their solutions.

This is the parent risk in the risk acceptance task form

MerzaLyn_0-1741664885471.png

 

Hi @Merza Lyn 

then the query is valid:

 

taskGR.addEncodedQuery('assigned_to=' + user.getID() + '^risk=' + current.sys_id);

 

did you adjust the script in the business rule with the corrected typo?

 

any errors in the logs ?!

 


If you found this helpful, please hit the thumbs-up button and mark as correct. That helps others find their solutions.

I tried but still not working.