Before Query Business Rule to restrict access

Zubair Alam2 · ‎12-10-2024

Can someone please help me with a query business rule to achieve this requirement?

Vendors should only be able to see records actively assigned to them via their group.

All help is greatly appreciated.

Gangadhar Ravi · ‎12-10-2024

@Zubair Alam2 if you already started working on this BR please post the script. I can help to review and provide any suggestions.

Please mark my answer correct and helpful if this works for you.

Abhay Kumar1 · ‎12-10-2024

@Zubair Alam2 You can add script in your BR similar to below to achieve same :

if (gs.hasRole('vendor')) { // Check if the user is a vendor
var groupIDs = [];
var userGr = new GlideRecord('sys_user_grmember');
userGr.addQuery('user', gs.getUserID());
userGr.query();

while (userGr.next()) {
groupIDs.push(userGr.group.toString());
}

// Restrict query to only records assigned to the user's groups
if (groupIDs.length > 0) {
current.addQuery('assignment_group', 'IN', groupIDs.join(','));
current.addQuery('active', true); // Only active records
} else {
// If the user is not in any group, prevent access
current.addQuery('sys_id', 'DOES NOT EXIST');
}
}

Hope this will help you.

Ankur Bawiskar · ‎12-10-2024

@Zubair Alam2

unless you share what you started with and what debugging have you done so far, we won't be able to help much

Regards,
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader

Zubair Alam2 · ‎01-22-2025

Hi @Ankur Bawiskar

This is what I have put together so far but it is failing a couple of tests. I am not sure what is missing. Please help. Thanks.
It gets the groups for the logged in user.
Then checks if any of those groups are marked as vendor. (u_vendor_group = Tur on sys_user_group).
If the user is in any vendor groups, it is supposed to restrict the records the user can see.
The requirement is : All vendor group members only be able to see tickets assigned to the vendor groups they belong to only.

(function executeRule(current, gScripting, gRequest, gResponse) {

// Get the logged-in user's groups

var userGroups = gs.getUser().getMyGroups();

var vendorGroups = [];

// Check if any of the user's groups are vendor groups

var grGroup = new GlideRecord('sys_user_group');

grGroup.addQuery('sys_id', 'IN', userGroups);

grGroup.addQuery('u_vendor_group', true);

grGroup.query();

while (grGroup.next()) {

vendorGroups.push(grGroup.sys_id.toString());

}

// If the user is in any vendor group, restrict the records they can see

if (userGroups.length > 0) {

current.addQuery('assignment_group', 'IN', userGroups.join(','));

}

else

{

current.addQuery('sys_id', ''); // No records will be returned

}

})();