Before Query Business Rule to restrict access

Zubair Alam2
Tera Contributor

Can someone please help me with a query business rule to achieve this requirement?

Vendors should only be able to see records actively assigned to them via their group.

All help is greatly appreciated.


Gangadhar Ravi
Giga Sage

@Zubair Alam2 If you have already started working on this BR, please post the script. I can help to review it and provide any suggestions.

Please mark my answer correct and helpful if this works for you.

Abhay Kumar1
Giga Sage

@Zubair Alam2 You can add a script to your BR similar to the one below to achieve the same:

    if (gs.hasRole('vendor')) { // Check if the user is a vendor
        var groupIDs = [];
        var userGr = new GlideRecord('sys_user_grmember');
        userGr.addQuery('user', gs.getUserID());
        userGr.query();

        while (userGr.next()) {
            groupIDs.push(userGr.group.toString());
        }

        // Restrict query to only records assigned to the user's groups
        if (groupIDs.length > 0) {
            current.addQuery('assignment_group', 'IN', groupIDs.join(','));
            current.addQuery('active', true); // Only active records
        } else {
            // If the user is not in any group, prevent access
            current.addQuery('sys_id', 'DOES NOT EXIST');
        }
    }

Hope this will help you.

Ankur Bawiskar
Tera Patron

@Zubair Alam2

Unless you share what you started with and what debugging you have done so far, we won't be able to help much.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader

Hi @Ankur Bawiskar 

This is what I have put together so far, but it is failing a couple of tests. I am not sure what is missing. Please help. Thanks.
It gets the groups for the logged-in user.
Then it checks if any of those groups are marked as vendor (u_vendor_group = True on sys_user_group).
If the user is in any vendor groups, it is supposed to restrict the records the user can see.
The requirement is: all vendor group members should only be able to see tickets assigned to the vendor groups they belong to.



(function executeRule(current, gScripting, gRequest, gResponse) {
    // Get the logged-in user's groups
    var userGroups = gs.getUser().getMyGroups();
    var vendorGroups = [];
   
    // Check if any of the user's groups are vendor groups
    var grGroup = new GlideRecord('sys_user_group');
    grGroup.addQuery('sys_id', 'IN', userGroups);
    grGroup.addQuery('u_vendor_group', true);
    grGroup.query();
   
    while (grGroup.next()) {
        vendorGroups.push(grGroup.sys_id.toString());
    }
   
    // If the user is in any vendor group, restrict the records they can see
    if (userGroups.length > 0) {
        current.addQuery('assignment_group', 'IN', userGroups.join(','));
    } else {
        current.addQuery('sys_id', ''); // No records will be returned
    }
})();
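
An added example, not part of the thread or of any poster's code: the rule described in the post above, with the filter built from the vendor-flagged groups only and non-vendor users left unrestricted. FakeGlideRecord, MEMBERSHIPS, restrictVendorQuery and simulate are hypothetical names, the sample rows are constructed, and the active condition follows the earlier reply.

```javascript
// Added example. Stand-in for GlideRecord over constructed sys_user_grmember
// rows, so the rule logic below can be run outside a ServiceNow instance.
const MEMBERSHIPS = [ // constructed sample data
  { user: 'u_vendor', group: 'g_acme',  'group.u_vendor_group': true },
  { user: 'u_vendor', group: 'g_staff', 'group.u_vendor_group': false },
  { user: 'u_agent',  group: 'g_staff', 'group.u_vendor_group': false },
];
class FakeGlideRecord {
  constructor(table) { this.table = table; this.filters = []; this.i = -1; }
  addQuery(field, value) { this.filters.push([field, value]); }
  query() {
    this.rows = MEMBERSHIPS.filter(r => this.filters.every(([f, v]) => r[f] === v));
  }
  next() { return ++this.i < this.rows.length; }
  getValue(field) { return this.rows[this.i][field]; }
}

// The rule body. On an instance it would be called from the before-query
// rule as restrictVendorQuery(current, gs.getUserID(), GlideRecord).
function restrictVendorQuery(current, userId, GR) {
  // Collect only the vendor-flagged groups this user belongs to.
  var member = new GR('sys_user_grmember');
  member.addQuery('user', userId);
  member.addQuery('group.u_vendor_group', true);
  member.query();
  var vendorGroups = [];
  while (member.next()) {
    vendorGroups.push(member.getValue('group'));
  }

  // Not a member of any vendor group: leave the query untouched.
  if (vendorGroups.length === 0) return vendorGroups;

  // Vendor: the filter uses vendorGroups, not every group the user is in.
  current.addQuery('assignment_group', 'IN', vendorGroups.join(','));
  current.addQuery('active', true);
  return vendorGroups;
}

// Records the conditions the rule adds to a mock `current` for one user.
function simulate(userId) {
  const added = [];
  const current = { addQuery: (...args) => added.push(args) };
  restrictVendorQuery(current, userId, FakeGlideRecord);
  return added;
}
```

The constructed user u_vendor belongs to one vendor group and one non-vendor group, so the run shows the non-vendor group being left out of the assignment_group filter.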