New role to access only specific incidents and nothing else to be visible

Drithika20 · ‎04-04-2025

Hi All,

I have created a new role 'external_printer_techs' and have given ACL for incident table for read, create and write.

I have updated the 'incident query' business rule also to allow access to the role users to see incidents.

I have created a new module to show incidents based on the user assignment group, but still, I am not able to see any incidents in this module and neither i am able to create a new incident even if i see new button.

I have used access analyzer also to check what is wrong, it still shows that i have query business rule issue. I have checked all other query business rules as well none of them restricts the incident table's view or write access.

Note: I don't have any domain separation security.

Please suggest what can be done, please see below screenshots of my changes:

Shivalika · ‎04-06-2025

Hello @Drithika20

Is there any existing Query BR running on your instance? Also have you added this role - to module - incidents ? This way of putting conditions is really not recommended. But need to understand whole scenario, before suggesting a feasible approach. And you shouldn't need to create new ACLs, you should just modify existing ones by adding your new role.

Kindly mark my answer as helpful and accept solution if it helped you in anyway. This will help me be recognized for the efforts and also move this questions from unsolved to solved bucket.

Regards,

Shivalika

My LinkedIn - https://www.linkedin.com/in/shivalika-gupta-540346194

My youtube - https://youtube.com/playlist?list=PLsHuNzTdkE5Cn4PyS7HdV0Vg8JsfdgQlA&si=0WynLcOwNeEISQCY

Drithika20 · ‎04-07-2025

Yes I have added this to the module, yes there is one query BR which restricts access to incidents i have handled it but still it is showing me that there is a query BR which is blocking to give access to Incidents.

Shivalika · ‎04-09-2025

Can you share the query BR @Drithika20 ?

Rajesh_Bhise · ‎04-08-2025

Hello @Drithika20,

The OOTB query BR -" incident query" is restricting access to the users who do not have roles (ITIL, sn_incident_read).

You have updated your custom role in the same condition as below:

Hence this query BR would also ignore the users who has custom role - external_printer_techs. ACLs created and this BR might fight in between and result might be negative in your case.

I suggest to have BR script like below:

*********************************************************************************************************

restrictIncidents();

function restrictIncidents() {

if (!gs.hasRole("itil") && !gs.hasRole("sn_incident_read") && gs.isInteractive()) {

//Do NOT restrict Incidents if user has the service_viewer role.

if (gs.hasRole('external_printer_techs')) // Custom role exception

return;

if (gs.hasRole('service_viewer'))

return;

if (GlidePluginManager.isActive('sn_fsm_itsm_mng') && gs.hasRole('wm_ext_agent'))

return;

// STRY52118544: ham_user is added to support incident read for reporting on HAM store app

if (GlidePluginManager.isActive('com.sn_hamp') && gs.hasRole('sn_hamp.ham_user')) {

return;

}

// DEF0330091: Allow query on OT Incident with sn_ot_incident_read role

if (GlidePluginManager.isActive('com.sn_ot_inc_mgmt') && gs.hasRole("sn_ot_incident_read"))

return;

// Responders should be able to access all incidents

if (gs.hasRole("sn_sow_srm.srm_responder")) {

return;

}

var u = gs.getUserID();

current.addQuery("caller_id", u).addOrCondition("opened_by", u).addOrCondition("watch_list", "CONTAINS", u);

}

*****************************************************************************************************

This would give you an expected output. Please give a try and let me know if you still have concerns.

Please mark this reply as Helpful and correct. This gives confidence to answer queries like you have.

Happy to help you further.

Regards,

Rajesh Bhise