Establishing proper variable permissions
‎07-24-2024 08:15 PM
We aim to configure variable permissions for a catalog item, restricting access to the payroll group post-request submission while ensuring visibility for customers during submission.
‎07-25-2024 12:07 AM
Hi @duûisa,
Please follow the steps below:
To configure variable permissions for a catalog item in ServiceNow, follow these steps:
1. Set Up the Catalog Item:
- Go to Service Catalog > Catalog Definitions > Maintain Items.
- Add the necessary variables.
2. Create UI Policies:
- Go to Service Catalog > Catalog Policies > Catalog UI Policies.
- Create a new UI Policy for the catalog item.
- Set the conditions and actions to hide variables for the payroll group after submission.
3. Use Client Scripts:
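    function onLoad() {
        // sys_id of the logged-in user (userID is a property of the client-side g_user object)
        var user = g_user.userID;
        var payrollGroup = 'sys_id_of_payroll_group'; // placeholder: sys_id of the payroll group
        // Look for a membership record linking this user to the payroll group
        var gr = new GlideRecord('sys_user_grmember');
        gr.addQuery('group', payrollGroup);
        gr.addQuery('user', user);
        gr.query();
        if (gr.next()) {
            // User is a member: hide the variable on the form ('variable_name' is a placeholder)
            g_form.setDisplay('variable_name', false);
        }
    }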
4. Set Variable Read Roles:
- Edit each variable and set Read Roles to exclude the payroll group for post-submission.
5. Post-Submission Handling:
- Use business rules on the sc_task or sc_req_item table to hide variables for the payroll group:
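    (function executeRule(current, previous) {
        // sys_id of the user the rule is running for
        var user = gs.getUserID();
        var payrollGroup = 'sys_id_of_payroll_group'; // placeholder: sys_id of the payroll group
        // Look for a membership record linking this user to the payroll group
        var gr = new GlideRecord('sys_user_grmember');
        gr.addQuery('group', payrollGroup);
        gr.addQuery('user', user);
        gr.query();
        if (gr.next()) {
            // User is a member: blank the value ('variable_name' is a placeholder)
            current.variable_name = '';
        }
    })(current, previous);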
Thank you, please mark helpful if you accept the solution.
‎07-31-2024 06:49 AM
You may want to read about the masked variable type here on the Product Documentation site. It gives the ability to expose variables to all submitters for entry/submission, but then only allows users with a specific role (catalog_view_masked) to see them after submission. I think the challenge with using the Permissions tab/options for individual variables is that you have to give the create and read access to a broad enough audience to allow them to submit, which then means that same broad audience can view the variable after submission. So I think that is probably only a good option when you have an item/variable that is only submittable in the first place by a smaller audience.