ACL for particular user group

BKash
Tera Contributor

For a record, if the assigned-to user is a group 1 member and the logged-in user is a group 2 member, then the record should be read-only for the group 2 member. How do I write an ACL script for this requirement?


Hi @Runjay Patel, we don't want to hardcode the group name or sys_id. Besides that, the assigned-to user has more than one group, so we are trying to make use of one system property that has multiple key-value pairs for multiple groups. Do you have code for that?

Ankur Bawiskar
Tera Patron

@BKash 

You can use a table.None WRITE ACL and not table.*

Use an advanced script with the script below.

Create 2 system properties with the group names in each.

// Get the assigned to user's groups
var assignedToGroups = new GlideRecord('sys_user_grmember');
assignedToGroups.addQuery('user', current.assigned_to);
assignedToGroups.addQuery('group.name', gs.getProperty('group1PropertyName')); // hold group 1 name here
assignedToGroups.query();
var isGroup1Member = assignedToGroups.hasNext();

// Get the logged-in user's groups
var loggedInGroups = new GlideRecord('sys_user_grmember');
loggedInGroups.addQuery('user', gs.getUserID());
loggedInGroups.addQuery('group.name', gs.getProperty('group2PropertyName')); // hold group 2 name here
loggedInGroups.query();
var isGroup2Member = loggedInGroups.hasNext();

// Check the conditions
if (isGroup1Member && isGroup2Member) {
    answer = false; // Make the record read-only for group 2 members
} else {
    answer = true;
}

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader
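An added example (not part of any post in this thread, and not ServiceNow's own code): the decision logic of the script above, driven by one JSON system property that maps each assigned-to group to the groups that should get the record read-only, as the question asks. The property name `x_acl.readonly_group_map`, the JSON shape, the sample group names and the `groupNamesOf` helper named in the comments are assumptions.

```javascript
// Assumed property shape: {"<assigned-to group>": ["<group that is read-only>", ...]}
// Constructed sample value for the hypothetical property x_acl.readonly_group_map:
var SAMPLE_PROPERTY =
    '{"Network Ops": ["Service Desk"], "Database": ["Service Desk", "Network Ops"]}';

// Parse the property value; return null when it is missing or malformed.
function parseGroupMap(raw) {
    try {
        var map = JSON.parse(raw);
        return (map && typeof map === 'object' && !Array.isArray(map)) ? map : null;
    } catch (e) {
        return null;
    }
}

// Returns the value to assign to `answer` in the write ACL.
//   assignedToGroups: names of all groups the assigned-to user belongs to
//   loggedInGroups:   names of all groups the logged-in user belongs to
function canWrite(rawProperty, assignedToGroups, loggedInGroups) {
    var map = parseGroupMap(rawProperty);
    if (map === null) {
        return false; // fail closed: a broken property must not open write access
    }
    for (var i = 0; i < assignedToGroups.length; i++) {
        var readOnlyFor = map[assignedToGroups[i]];
        if (!Array.isArray(readOnlyFor)) {
            continue; // no rule configured for this assigned-to group
        }
        for (var j = 0; j < loggedInGroups.length; j++) {
            if (readOnlyFor.indexOf(loggedInGroups[j]) !== -1) {
                return false; // logged-in user is in a group that is read-only here
            }
        }
    }
    return true;
}

// In the ACL's advanced script the inputs would come from the platform, e.g.
//   answer = canWrite(gs.getProperty('x_acl.readonly_group_map'),
//                     groupNamesOf(current.assigned_to), groupNamesOf(gs.getUserID()));
// where groupNamesOf is a hypothetical helper (for instance in a script include)
// that collects group names from sys_user_grmember as the script above does.
```

Keeping the function free of GlideRecord calls lets the same logic live in a script include and be checked outside the instance.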

Hi @Ankur Bawiskar, we have created one system property for these groups and one script include for all groups so that we can reuse them. Can we use these script include functions in the ACL for the above purpose instead of using the system property?

@BKash 

Yes, you can use them

OR

simply use the property name in the script I shared.

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader

Mark Manders
Mega Patron

What version are you on? With Xanadu you can do this very simply by creating one (1!) deny-unless write ACL, with 'assignment_group = one of my groups'. It will automatically prevent any other group from writing to the record.


Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark