ACL to apply to only specific groups
‎07-01-2025 12:04 PM
I have a scenario.
There are three assignment groups: Group A, Group B, and Group C.
Users in these groups all have the itil role.
RITMs (sc_req_item records) will be assigned to one of these three groups.
The requirement is that users should only see RITMs assigned to their own group:
->A user in Group A should only see RITMs assigned to Group A.
->A user in Group B should only see RITMs assigned to Group B.
->A user in Group C should only see RITMs assigned to Group C.
Users from one of these three groups should not see RITMs assigned to the other two groups.
This restriction should apply only to users in Group A, B, and C.
Other users (outside these three groups) should continue to see RITMs as allowed by the existing ACLs.
There are existing OOB read ACLs on the sc_req_item table that use roles like snc_internal.
Question:
How can I enforce this group-based visibility rule on RITMs, where users in Group A, B, or C can only see RITMs assigned to their own group, without modifying or removing the existing ACLs, and without affecting users outside these groups?
‎07-01-2025 12:43 PM
Hi @Trideep
Have you looked into the data filtration rule: https://www.servicenow.com/docs/bundle/yokohama-platform-security/page/administer/security/concept/d...
this should fulfill the requirement.
If my answer has helped with your question, please mark my answer as the accepted solution and give a thumbs up.
Best regards
Anders
Rising star 2024
MVP 2025
linkedIn: https://www.linkedin.com/in/andersskovbjerg/
‎07-07-2025 05:10 AM
Hi @AndersBGS ,
I do not find the Data Filtration (com.glide.data_filtration) Plugin in the Application Manager. Is it a paid one or freeware?
However, in the filter navigator under the System Security module I found Security Data Filters. Is it something similar to data filtration? Can I leverage it to accomplish my requirement?
‎07-07-2025 06:32 AM
Hi @Trideep ,
Yes, as I read and see it, it is similar: https://www.servicenow.com/docs/bundle/yokohama-platform-security/page/administer/security/concept/s...
If my answer has helped with your question, please mark my answer as the accepted solution and give a thumbs up.
Best regards
Anders
Rising star 2024
MVP 2025
linkedIn: https://www.linkedin.com/in/andersskovbjerg/
‎07-01-2025 01:45 PM
Hi @Trideep ,
If you don't want to modify existing ACLs, you can try Query Business Rules on the RITM table, like this:
(function executeRule(current, previous /*null*/) {
    // Get the user's group list as an array of sys_ids.
    // getMyGroups() returns a Java list whose string form is "[id1, id2]",
    // so strip the brackets and spaces before splitting.
    var groups = String(gs.getUser().getMyGroups()).replace(/[\[\]\s]/g, '').split(',');
    // Define restricted groups
    var restricted = ['<A_sysid>', '<B_sysid>', '<C_sysid>']; // replace <A_sysid> etc. with actual sys_ids
    // Check if user is in any of the restricted groups
    var inRestricted = false;
    for (var i = 0; i < groups.length; i++) {
        for (var j = 0; j < restricted.length; j++) {
            if (groups[i] === restricted[j]) {
                inRestricted = true;
                break;
            }
        }
        if (inRestricted) break;
    }
    // Only apply filter if user is in Group A, B, or C
    if (inRestricted) {
        current.addQuery('assignment_group', 'IN', groups.join(','));
    }
})(current, previous);
or like this:
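(function executeRule(current, previous /*null*/) {
    // getMyGroups() returns a Java list, so normalize it to a JS array of
    // sys_id strings before using Array methods such as some() and join().
    var groups = String(gs.getUser().getMyGroups()).replace(/[\[\]\s]/g, '').split(',');
    var restricted = ['<A>', '<B>', '<C>']; // replace with the actual group sys_ids
    // Only filter queries for A/B/C members
    if (groups.some(function(g) { return restricted.indexOf(g) > -1; })) {
        current.addQuery('assignment_group', 'IN', groups.join(','));
    }
})(current, previous);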
Please test thoroughly, and post your questions if it didn't help, thank you!
Best Regards,
Sharif
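The query rule suggested above can be checked off-instance before it goes into a business rule. The following is an added example, not code from the thread or from ServiceNow: `StubQuery`, the `grpA`..`grpD` ids and the sample RITM rows are constructed stand-ins, and the `"[id1, id2]"` string form of `getMyGroups()` is an assumption.

```javascript
// Added example: runs in plain Node without a ServiceNow instance; all ids and rows are constructed.
var RESTRICTED = ['grpA', 'grpB', 'grpC']; // placeholders for the Group A/B/C sys_ids

// Accepts the assumed "[id1, id2]" list form, a plain "id1,id2" string, or a JS array.
function normalizeGroups(raw) {
    return String(raw).replace(/[\[\]\s]/g, '').split(',').filter(Boolean);
}

// Returns the value for addQuery('assignment_group', 'IN', ...) or null when no filter applies.
function groupFilterFor(rawGroups, restricted) {
    var groups = normalizeGroups(rawGroups);
    var member = groups.some(function (g) { return restricted.indexOf(g) > -1; });
    return member ? groups.join(',') : null;
}

// The business rule body, with its inputs passed in so it can be exercised with a stub.
function applyRule(current, rawGroups) {
    var filter = groupFilterFor(rawGroups, RESTRICTED);
    if (filter !== null) {
        current.addQuery('assignment_group', 'IN', filter);
    }
}

// Minimal stand-in for the query object: records IN conditions, then filters rows.
function StubQuery(rows) { this.rows = rows; this.conditions = []; }
StubQuery.prototype.addQuery = function (field, op, value) {
    this.conditions.push({ field: field, allowed: value.split(',') });
};
StubQuery.prototype.visible = function () {
    var conds = this.conditions;
    return this.rows.filter(function (row) {
        return conds.every(function (c) { return c.allowed.indexOf(row[c.field]) > -1; });
    }).map(function (row) { return row.number; });
};

// Constructed sample RITMs, including one outside A/B/C and one unassigned.
var RITMS = [
    { number: 'RITM0001', assignment_group: 'grpA' },
    { number: 'RITM0002', assignment_group: 'grpB' },
    { number: 'RITM0003', assignment_group: 'grpD' },
    { number: 'RITM0004', assignment_group: '' }
];

function visibleTo(rawGroups) {
    var q = new StubQuery(RITMS);
    applyRule(q, rawGroups);
    return q.visible();
}
```

With this rule a Group A member who also belongs to another group still sees that group's RITMs, and unassigned RITMs disappear for A/B/C members; users outside the three groups get no added condition.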