
Before Query Business Rule to restrict access

Zubair Alam2
Tera Contributor

Can someone please help me with a query business rule to achieve this requirement?

 

Vendors should only be able to see records actively assigned to them via their group.

 

 

All help is greatly appreciated. 

5 REPLIES

Gangadhar Ravi
Giga Sage

@Zubair Alam2 If you have already started working on this BR, please post the script. I can help review it and provide suggestions.

 

Please mark my answer correct and helpful if this works for you.

Community Alums
Not applicable

@Zubair Alam2 You can add a script in your BR similar to the one below to achieve the same:

if (gs.hasRole('vendor')) { // Check if the user is a vendor
    var groupIDs = [];
    var userGr = new GlideRecord('sys_user_grmember');
    userGr.addQuery('user', gs.getUserID());
    userGr.query();

    while (userGr.next()) {
        groupIDs.push(userGr.group.toString());
    }

    // Restrict query to only records assigned to the user's groups
    if (groupIDs.length > 0) {
        current.addQuery('assignment_group', 'IN', groupIDs.join(','));
        current.addQuery('active', true); // Only active records
    } else {
        // If the user is not in any group, prevent access
        current.addQuery('sys_id', 'DOES NOT EXIST');
    }
}

Hope this will help you.

Ankur Bawiskar
Tera Patron

@Zubair Alam2 

Unless you share what you started with and what debugging you have done so far, we won't be able to help much.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader

Hi @Ankur Bawiskar 

This is what I have put together so far, but it is failing a couple of tests. I am not sure what is missing. Please help. Thanks.
It gets the groups for the logged-in user.
Then it checks if any of those groups are marked as vendor (u_vendor_group = True on sys_user_group).
If the user is in any vendor groups, it is supposed to restrict the records the user can see.
The requirement is: all vendor group members should only be able to see tickets assigned to the vendor groups they belong to.



(function executeRule(current, gScripting, gRequest, gResponse) {
    // Get the logged-in user's groups
    var userGroups = gs.getUser().getMyGroups();
    var vendorGroups = [];
   
    // Check if any of the user's groups are vendor groups
    var grGroup = new GlideRecord('sys_user_group');
    grGroup.addQuery('sys_id', 'IN', userGroups);
    grGroup.addQuery('u_vendor_group', true);
    grGroup.query();
   
    while (grGroup.next()) {
        vendorGroups.push(grGroup.sys_id.toString());
    }
   
    // If the user is in any vendor group, restrict the records they can see
    if (userGroups.length > 0) {
        current.addQuery('assignment_group', 'IN', userGroups.join(','));
    } else {
        current.addQuery('sys_id', ''); // No records will be returned
    }
})();
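
An added example, not part of the thread or of anyone's posted script: the restriction written as a function that filters on the vendor-flagged groups only (the last script above builds `vendorGroups` but filters on `userGroups`) and leaves the query untouched for users in no vendor group. `restrictToVendorGroups`, `FakeGlideRecord`, `MEMBERSHIPS` and `demo` are hypothetical names, and the in-memory stand-ins are constructed so the logic can be exercised off-instance; `u_vendor_group` is the custom field named in the thread.

```javascript
// Added example (not from the thread). On the instance, a before-query business
// rule would call: restrictToVendorGroups(current, gs, GlideRecord);
function restrictToVendorGroups(current, gs, GlideRecordCtor) {
    var vendorGroups = [];
    var member = new GlideRecordCtor('sys_user_grmember');
    member.addQuery('user', gs.getUserID());
    member.addQuery('group.u_vendor_group', true); // dot-walk to the custom flag
    member.query();
    while (member.next()) {
        vendorGroups.push(String(member.getValue('group')));
    }
    if (vendorGroups.length > 0) {
        // Filter on the vendor groups only, never on the user's full group list.
        current.addQuery('assignment_group', 'IN', vendorGroups.join(','));
        current.addActiveQuery(); // active records only, as in the reply above
    }
    return vendorGroups; // empty: not a vendor-group member, query left untouched
}

// Constructed in-memory stand-ins so the function can be exercised off-instance.
var MEMBERSHIPS = [
    { user: 'u_vendor', group: 'g_acme', 'group.u_vendor_group': true },
    { user: 'u_vendor', group: 'g_social', 'group.u_vendor_group': false },
    { user: 'u_staff', group: 'g_social', 'group.u_vendor_group': false }
];
function FakeGlideRecord() { this.filters = []; this.rows = []; this.pos = -1; }
FakeGlideRecord.prototype.addQuery = function (field, opOrValue, value) {
    this.filters.push(value === undefined ? [field, '=', opOrValue] : [field, opOrValue, value]);
};
FakeGlideRecord.prototype.addActiveQuery = function () { this.filters.push(['active', '=', true]); };
FakeGlideRecord.prototype.query = function () {
    var f = this.filters;
    this.rows = MEMBERSHIPS.filter(function (r) {
        return f.every(function (c) { return r[c[0]] === c[2]; });
    });
};
FakeGlideRecord.prototype.next = function () { return ++this.pos < this.rows.length; };
FakeGlideRecord.prototype.getValue = function (field) { return this.rows[this.pos][field]; };

// Runs the rule for one constructed user and reports what was added to the query.
function demo(userId) {
    var current = new FakeGlideRecord(); // stands in for the query being built
    var fakeGs = { getUserID: function () { return userId; } };
    var groups = restrictToVendorGroups(current, fakeGs, FakeGlideRecord);
    return { groups: groups, filters: current.filters };
}
```

`demo('u_vendor')` shows the query narrowed to the one vendor-flagged group plus the active condition, while `demo('u_staff')` shows no conditions added.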