- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-26-2024 09:52 AM
I have catalog requests that business users can use and when they are making the request for themselves Manager look up works fine but when they try to request it for someone else the Manager look up fails in the shots Danny is the logged in user
looking at debugger appears the logged in user is lacking permissions to grab from user table except for there own user
will include the client scripts for manager look up
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-26-2024 12:35 PM
Hey @Gary Larsen,
Have you tried using the 'Auto-populate'?
On the Manager variable, configure the 'Auto-populate' tab as below:
Cheers
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-26-2024 01:36 PM - edited 03-26-2024 01:38 PM
You are absolutely right, users without any roles can access the [sys_user] record but not its fields
I can confirm the following read sys_user.* ACLs are applied:
- Users can see their own sys_user record
- User with role (hasRoles()) can see all records
- Managers can see their subordinates' records
As 'Danny' doesn't meet any of the above, it's failing to retrieve the 'manager' field of another user.
I think you can do one of the following:
- If the 'manager' variable is used only for triggering some process (e.g. approval or task), remove/hide the variable from the catalog item and retrieve the manager value with the workflow/flow or other processes that requires it.
- Create a custom ACL
Cheers
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-26-2024 10:08 AM - edited 03-26-2024 02:20 PM
Hi @Gary Larsen,
I totally misread your message earlier so I've gone back and corrected my response.
Best Practice Tip: GlideRecord (server lookups) should not be called within a Client Script. Check the below link for further details at a later and more convenient time for yourself.
@Gary Larsen - Find below Client Script with calling a GlideAjex call (best practice) and a Script include to achieve what you need.
Client Script: (onChange)
function onChange(control, oldValue, newValue, isLoading) {
if (isLoading || newValue == '') {
return;
}
var user = g_form.getValue('requested_for');
var ga = new GlideAjax('Groupmanager');
ga.addParam('sysparm_name', 'UserDetails');
ga.addParam('sysparm_usr', user);
ga.getXMLAnswer(calback);
function calback(response) {
var answer = JSON.parse(response); //Transform the JSON string to an object
g_form.setValue('requester_manager', answer.manager);
}
}
Script Include:
var Groupmanager = Class.create();
Groupmanager.prototype = Object.extendsObject(AbstractAjaxProcessor, {
UserDetails: function() {
var x = this.getParameter('sysparm_usr');
var grUser = new GlideRecord('sys_user');
grUser.addQuery('sys_id', x);
grUser.query();
if (grUser.next()) {
var obj = {};
obj.manager = grUser.manager.toString();
return JSON.stringify(obj);
}
},
type: 'Groupmanager'
});
To help others (or for me to help you more directly), please mark this response correct by clicking on Accept as Solution and/or Helpful.
Thanks, Robbie
Best Practice Tip: Client Script Best Practices https://developer.servicenow.com/dev.do#!/guides/utah/now-platform/tpb-guide/client_scripting_techni...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-26-2024 10:53 AM
I shut of both of the scripts and made that change now manager does not populate on load or change
this is in a variable set but I wouldnt think that should matter
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-26-2024 12:35 PM
Hey @Gary Larsen,
Have you tried using the 'Auto-populate'?
On the Manager variable, configure the 'Auto-populate' tab as below:
Cheers
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-26-2024 12:52 PM
That works the same way my client script did
works if the requested for is the logged in user but if they request for another user no manager