Restrict itil role to view only request s they submitted for a specific catalog item.

Tracey6 · ‎10-25-2022

Hello - I have a specific catalog log item that I need to restrict users with the itil role to view only requests they submitted. I've tried created and read ACL on the sc_request_item as well as a business rule and nothing works.

I was able to restrict read access, but it also restricts them from submitting their own request.

Thank you in advance for your help!

See screen shot

Brad Bowman · ‎10-26-2022

Inactivate the Business Rule, as I don't see what that could possibly be adding/effecting in this scenario. On the ACL, you have a heck of a lot of conditions. Are all of these really necessary? If you deactivate the ACL, can you submit a new request? Once you can do this, activate the ACL with one condition at a time - so start with isNewRecord only, and you should be able to read and write. Once this is working, add the necessary conditions to be able to read existing RITMs if the current user was the submitter - but this should be one condition - whatever on the RITM matches the current user. You'll also want to add a condition for this Catalog Item only, so this doesn't apply to every RITM/Catalog Item.

View solution in original post

Dr Atul G- LNG · ‎10-26-2022

I am not a developer mate but would like to understand the need for this requirement. ITIL user is one who can work on records and make restrictions, you are violating the basic function of ITIL.

You can use the available for if required.

Mark helpful, if solve the purpose.

*************************************************************************************************************
If my response proves useful, please indicate its helpfulness by selecting " Accept as Solution" and " Helpful." This action benefits both the community and me.

Regards
Dr. Atul G. - Learn N Grow Together
ServiceNow Techno - Functional Trainer
LinkedIn: https://www.linkedin.com/in/dratulgrover
YouTube: https://www.youtube.com/@LearnNGrowTogetherwithAtulG
Topmate: https://topmate.io/atul_grover_lng [ Connect for 1-1 Session]

****************************************************************************************************************

Brad Bowman · ‎10-26-2022

Hi Tracey,

On your read ACL on the sc_req_item table, add a script or incorporate this logic into your script.

answer = false;
if (current.isNewRecord() || current.opened_by = gs.getUserID()) {
    answer = true;
}

Tracey6 · ‎10-26-2022

Thank you Mega very for your suggestion. I tried that on the OOB read ACL and still no luck. I've added my business rule here do you see any issue? When I impersonate an itil user and after submission i get this

bus

Brad Bowman · ‎10-26-2022

Inactivate the Business Rule, as I don't see what that could possibly be adding/effecting in this scenario. On the ACL, you have a heck of a lot of conditions. Are all of these really necessary? If you deactivate the ACL, can you submit a new request? Once you can do this, activate the ACL with one condition at a time - so start with isNewRecord only, and you should be able to read and write. Once this is working, add the necessary conditions to be able to read existing RITMs if the current user was the submitter - but this should be one condition - whatever on the RITM matches the current user. You'll also want to add a condition for this Catalog Item only, so this doesn't apply to every RITM/Catalog Item.