Business Rule to restrict visibility of Incidents to assignment group members, caller, watchlist

Renee16
Tera Contributor

Requirement: Incidents that are assigned to "IT - Enhancements" should only be visible to members of the IT - Enhancements assignment group, the caller, users on the watch list and admins. Other itil users cannot see these tickets unless the ticket is no longer assigned to the IT - Enhancements group.

 

I have somewhat achieved this through a business rule before query to lock down to members of the IT - Enhancements group.


I now want to add Admin, Caller and Watch list to this. I have tried to add the following in the condition, but this did not allow the caller to see the ticket in the portal:

!gs.getUser().isMemberOf('IT - Enhancements') || current.caller_id != gs.getUser() || !current.watch_list.toString().split(';').includes(gs.getUser()

 

I tried without the watchlist and just had the current caller id:

!gs.getUser().isMemberOf('IT - Enhancements') && current.caller_id != gs.getUser()

 

I have used OR || and also &&, but nothing seems to work to allow Caller, Watch list and Admin to see the ticket as well. Any help would be appreciated.

 

Robbie
Kilo Patron

Hi @Renee16,

 

(Update: See my response in the later thread re leveraging an ACL instead. Apologies, I had the horse blinkers on and didn't quite read the requirement fully. I can also see that @AndersBGS has made a good shout and recommendation)

 

You're on the right track. You need to control this via an onBefore Query business rule as you have...

In the code, I would simply call it as a function similar to below:

 

To help others (or for me to help you more directly), please mark this response correct by clicking on Accept as Solution and/or Kudos.

 

Thanks, Robbie

 

 

 

(function executeRule(current, previous /*null when async*/ ) {

    function restrictTicketView() {
        try {
            // Add any variables here to help you identify data points such as logged in user
            var userID = gs.getUserID();
            var userGroups = gs.getUser().getMyGroups();

            current.addQuery("caller_id", userID)
                .addOrCondition("assignment_group", userGroups)
                .addOrCondition("watch_list", "CONTAINS", userID);
        } catch (e) {
            gs.error("Error in Restrict Site Security Incidents before query Business rule: " + e.getMessage());
        }
    }

    restrictTicketView();

})(current, previous);

Renee16
Tera Contributor

Thanks for the reply, this is getting closer - this allows the user and watch list to see the ticket, however now itil users can only see tickets in their assignment groups. There is still a need to allow them to see other tickets not in their assignment group, just not IT - Enhancements.

I tried to add a filter condition based on Assignment group is IT - Enhancements, but the ticket was now visible to all itil users again. I think I am still missing a condition somewhere that limits this business rule to only apply to tickets in IT - Enhancements.
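
As an added illustration (not code posted by anyone in this thread), the sketch below expresses the requirement as one OR query that a before-query rule could add, and checks it against constructed rows in plain JavaScript. ENH_GROUP_ID, enhancementsFilter, visibleTo, fakeGs and the sample rows are assumptions made for the example; gs.hasRole, isMemberOf, getUserID and addEncodedQuery are the platform calls it relies on.

```javascript
// Added example. ENH_GROUP_ID is a placeholder for the sys_id of "IT - Enhancements".
var ENH_GROUP_ID = 'ENH_GROUP_SYS_ID';

// Returns the encoded query a before-query rule on incident would add, or ''
// when the user is exempt. A before-query rule sees the query, not a row, so
// "assigned to IT - Enhancements" has to be a query term, not a rule condition.
function enhancementsFilter(gs) {
  if (gs.hasRole('admin') || gs.getUser().isMemberOf('IT - Enhancements')) return '';
  var me = gs.getUserID();
  return [
    'assignment_group!=' + ENH_GROUP_ID, // any other group stays visible
    'assignment_groupISEMPTY',           // unassigned incidents stay visible
    'caller_id=' + me,                   // caller sees their own ticket
    'watch_listLIKE' + me                // watch list is a list of sys_ids
  ].join('^OR');
}
// In the rule body: var q = enhancementsFilter(gs); if (q) current.addEncodedQuery(q);

// Stand-in for the platform: applies the OR terms to plain objects.
function visibleTo(gs, rows) {
  var q = enhancementsFilter(gs);
  var terms = q ? q.split('^OR').map(function (t) {
    return /^(\w+?)(!=|=|LIKE|ISEMPTY)(.*)$/.exec(t);
  }) : [];
  return rows.filter(function (r) {
    return !q || terms.some(function (m) {
      var v = r[m[1]] || '';
      if (m[2] === 'ISEMPTY') return v === '';
      if (m[2] === 'LIKE') return v.indexOf(m[3]) !== -1;
      return (m[2] === '=') === (v === m[3]);
    });
  }).map(function (r) { return r.number; });
}

// Constructed sample data (not from the thread).
var ROWS = [
  { number: 'INC1', assignment_group: ENH_GROUP_ID, caller_id: 'u_caller', watch_list: 'u_watch,u_other' },
  { number: 'INC2', assignment_group: ENH_GROUP_ID, caller_id: 'u_x', watch_list: '' },
  { number: 'INC3', assignment_group: 'grp_network', caller_id: 'u_x', watch_list: '' }
];
function fakeGs(id, isAdmin, inGroup) {
  return {
    hasRole: function () { return isAdmin; },
    getUserID: function () { return id; },
    getUser: function () { return { isMemberOf: function () { return inGroup; } }; }
  };
}
console.log(visibleTo(fakeGs('u_itil', false, false), ROWS));
console.log(visibleTo(fakeGs('u_caller', false, false), ROWS));
```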


 

Hi @Renee16,

 

No worries. I think I had a little bit of tunnel vision having implemented something similar previously.

On a second view of this, if we are only wanting to restrict tickets assigned to 'IT - Enhancements' to members of that group, implement an ACL (Access Control) - Read access.

 

Deactivate the Business rule you're working on. An ACL is designed for exactly your use case.

 

To help others (or for me to help you more directly), please mark this response correct by clicking on Accept as Solution and/or Kudos.

 

Thanks, Robbie

Abhiii1
Tera Contributor

Hello @Robbie

Could you please explain what ACL has to be applied on this?
As it is an OOB table, the OOB ACL also has to be edited, right?

AndersBGS
Tera Patron

Hi @Renee16 ,

 

Why not look at the plugin for data filtration rules: Exploring Data filtration (servicenow.com)? This is exactly the use case, without any coding.

 

If my answer has helped with your question, please mark my answer as accepted solution and give a thumb up.

 

Best regards

Anders
