Catalog request

Gary Larsen · ‎03-26-2024

I have catalog requests that business users can use and when they are making the request for themselves Manager look up works fine but when they try to request it for someone else the Manager look up fails in the shots Danny is the logged in user

looking at debugger appears the logged in user is lacking permissions to grab from user table except for there own user

will include the client scripts for manager look up

James Chun · ‎03-26-2024

Hey @Gary Larsen,

Have you tried using the 'Auto-populate'?

On the Manager variable, configure the 'Auto-populate' tab as below:

Cheers

View solution in original post

James Chun · ‎03-26-2024

You are absolutely right, users without any roles can access the [sys_user] record but not its fields

I can confirm the following read sys_user.* ACLs are applied:

Users can see their own sys_user record
User with role (hasRoles()) can see all records
Managers can see their subordinates' records

As 'Danny' doesn't meet any of the above, it's failing to retrieve the 'manager' field of another user.

I think you can do one of the following:

If the 'manager' variable is used only for triggering some process (e.g. approval or task), remove/hide the variable from the catalog item and retrieve the manager value with the workflow/flow or other processes that requires it.
Create a custom ACL

Cheers

View solution in original post

Robbie · ‎03-26-2024

Hi @Gary Larsen,

I totally misread your message earlier so I've gone back and corrected my response.

Best Practice Tip: GlideRecord (server lookups) should not be called within a Client Script. Check the below link for further details at a later and more convenient time for yourself.

@Gary Larsen - Find below Client Script with calling a GlideAjex call (best practice) and a Script include to achieve what you need.

Client Script: (onChange)

function onChange(control, oldValue, newValue, isLoading) {
    if (isLoading || newValue == '') {
        return;
    }
    var user = g_form.getValue('requested_for');

    var ga = new GlideAjax('Groupmanager');
    ga.addParam('sysparm_name', 'UserDetails');
    ga.addParam('sysparm_usr', user);
    ga.getXMLAnswer(calback);

    function calback(response) {
        var answer = JSON.parse(response); //Transform the JSON string to an object  
        g_form.setValue('requester_manager', answer.manager);
    }

}

Script Include:

var Groupmanager = Class.create();
Groupmanager.prototype = Object.extendsObject(AbstractAjaxProcessor, {

    UserDetails: function() {
        var x = this.getParameter('sysparm_usr');
        var grUser = new GlideRecord('sys_user');
        grUser.addQuery('sys_id', x);
        grUser.query();
        if (grUser.next()) {
            var obj = {};
            obj.manager = grUser.manager.toString();
             return JSON.stringify(obj);
        }
    },

    type: 'Groupmanager'
});

To help others (or for me to help you more directly), please mark this response correct by clicking on Accept as Solution and/or Helpful.

Thanks, Robbie

Best Practice Tip: Client Script Best Practices https://developer.servicenow.com/dev.do#!/guides/utah/now-platform/tpb-guide/client_scripting_techni...

Gary Larsen · ‎03-26-2024

I shut of both of the scripts and made that change now manager does not populate on load or change

this is in a variable set but I wouldnt think that should matter

James Chun · ‎03-26-2024

Hey @Gary Larsen,

Have you tried using the 'Auto-populate'?

On the Manager variable, configure the 'Auto-populate' tab as below:

Cheers

Gary Larsen · ‎03-26-2024

That works the same way my client script did

works if the requested for is the logged in user but if they request for another user no manager