Catalog request

Gary Larsen · ‎03-26-2024

I have catalog requests that business users can use and when they are making the request for themselves Manager look up works fine but when they try to request it for someone else the Manager look up fails in the shots Danny is the logged in user

looking at debugger appears the logged in user is lacking permissions to grab from user table except for there own user

will include the client scripts for manager look up

James Chun · ‎03-26-2024

Hey @Gary Larsen,

Have you tried using the 'Auto-populate'?

On the Manager variable, configure the 'Auto-populate' tab as below:

Cheers

View solution in original post

James Chun · ‎03-26-2024

You are absolutely right, users without any roles can access the [sys_user] record but not its fields

I can confirm the following read sys_user.* ACLs are applied:

Users can see their own sys_user record
User with role (hasRoles()) can see all records
Managers can see their subordinates' records

As 'Danny' doesn't meet any of the above, it's failing to retrieve the 'manager' field of another user.

I think you can do one of the following:

If the 'manager' variable is used only for triggering some process (e.g. approval or task), remove/hide the variable from the catalog item and retrieve the manager value with the workflow/flow or other processes that requires it.
Create a custom ACL

Cheers

View solution in original post

Gary Larsen · ‎03-26-2024

if the logged in user has ITIL it works fine so did my client script seems like a role issue

James Chun · ‎03-26-2024

You are absolutely right, users without any roles can access the [sys_user] record but not its fields

I can confirm the following read sys_user.* ACLs are applied:

Users can see their own sys_user record
User with role (hasRoles()) can see all records
Managers can see their subordinates' records

As 'Danny' doesn't meet any of the above, it's failing to retrieve the 'manager' field of another user.

I think you can do one of the following:

If the 'manager' variable is used only for triggering some process (e.g. approval or task), remove/hide the variable from the catalog item and retrieve the manager value with the workflow/flow or other processes that requires it.
Create a custom ACL

Cheers

Gary Larsen · ‎03-26-2024

I gave my business users the contact_user role and everything works correctly

Robbie · ‎03-26-2024

Hi @Gary Larsen,

I totally misread your message earlier so I've gone back and corrected my response. Apologies.

Best Practice Tip: GlideRecord (server lookups) should not be called within a Client Script. Check the below link for further details at a later and more convenient time for yourself.

Find below Client Script with calling a GlideAjex call (best practice) and a Script include to achieve what you need.

Client Script: (onChange)

function onChange(control, oldValue, newValue, isLoading) {
    if (isLoading || newValue == '') {
        return;
    }
    var user = g_form.getValue('requested_for');

    var ga = new GlideAjax('Groupmanager');
    ga.addParam('sysparm_name', 'UserDetails');
    ga.addParam('sysparm_usr', user);
    ga.getXMLAnswer(calback);

    function calback(response) {
        var answer = JSON.parse(response); //Transform the JSON string to an object  
        g_form.setValue('requester_manager', answer.manager);
    }

}

Script Include:

var Groupmanager = Class.create();
Groupmanager.prototype = Object.extendsObject(AbstractAjaxProcessor, {

    UserDetails: function() {
        var x = this.getParameter('sysparm_usr');
        var grUser = new GlideRecord('sys_user');
        grUser.addQuery('sys_id', x);
        grUser.query();
        if (grUser.next()) {
            var obj = {};
            obj.manager = grUser.manager.toString();
             return JSON.stringify(obj);
        }
    },

    type: 'Groupmanager'
});

To help others (or for me to help you more directly), please mark this response correct by clicking on Accept as Solution and/or Helpful.

Thanks, Robbie

Best Practice Tip: Client Script Best Practices https://developer.servicenow.com/dev.do#!/guides/utah/now-platform/tpb-guide/client_scripting_techni...