Catalog request

Gary Larsen
Mega Sage

I have catalog requests that business users can use and when they are making the request for themselves Manager look up works fine but when they try to request it for someone else the Manager look up fails in the shots Danny is the logged in user

 

GaryLarsen_0-1711471534183.png

GaryLarsen_1-1711471606399.png

looking at debugger appears the logged in user is lacking permissions to grab from user table except for there own user 

 

will include the client scripts for manager look up

GaryLarsen_2-1711471805755.png

 

GaryLarsen_3-1711471929628.png

 

2 ACCEPTED SOLUTIONS

James Chun
Kilo Patron

Hey @Gary Larsen,

 

Have you tried using the 'Auto-populate'?

On the Manager variable, configure the 'Auto-populate' tab as below:

 

JamesChun_0-1711481703308.png

 

Cheers

View solution in original post

You are absolutely right, users without any roles can access the [sys_user] record but not its fields

JamesChun_1-1711484930944.png

 

I can confirm the following read sys_user.* ACLs are applied:

  • Users can see their own sys_user record
  • User with role (hasRoles()) can see all records
  • Managers can see their subordinates' records

As 'Danny' doesn't meet any of the above, it's failing to retrieve the 'manager' field of another user.

 

I think you can do one of the following:

  • If the 'manager' variable is used only for triggering some process (e.g. approval or task), remove/hide the variable from the catalog item and retrieve the manager value with the workflow/flow or other processes that requires it.
  • Create a custom ACL

Cheers

View solution in original post

8 REPLIES 8

if the logged in user has ITIL it works fine so did my client script seems like a role issue

You are absolutely right, users without any roles can access the [sys_user] record but not its fields

JamesChun_1-1711484930944.png

 

I can confirm the following read sys_user.* ACLs are applied:

  • Users can see their own sys_user record
  • User with role (hasRoles()) can see all records
  • Managers can see their subordinates' records

As 'Danny' doesn't meet any of the above, it's failing to retrieve the 'manager' field of another user.

 

I think you can do one of the following:

  • If the 'manager' variable is used only for triggering some process (e.g. approval or task), remove/hide the variable from the catalog item and retrieve the manager value with the workflow/flow or other processes that requires it.
  • Create a custom ACL

Cheers

Gary Larsen
Mega Sage

I gave my business users the contact_user role and everything works correctly 

Robbie
Kilo Patron
Kilo Patron

Hi @Gary Larsen,

 

I totally misread your message earlier so I've gone back and corrected my response. Apologies.

Best Practice Tip: GlideRecord (server lookups) should not be called within a Client Script. Check the below link for further details at a later and more convenient time for yourself.

 

Find below Client Script with calling a GlideAjex call (best practice) and a Script include to achieve what you need.

 

Client Script: (onChange)

 

 

function onChange(control, oldValue, newValue, isLoading) {
    if (isLoading || newValue == '') {
        return;
    }
    var user = g_form.getValue('requested_for');

    var ga = new GlideAjax('Groupmanager');
    ga.addParam('sysparm_name', 'UserDetails');
    ga.addParam('sysparm_usr', user);
    ga.getXMLAnswer(calback);

    function calback(response) {
        var answer = JSON.parse(response); //Transform the JSON string to an object  
        g_form.setValue('requester_manager', answer.manager);
    }

}

 

 

 

Script Include:

 

 

var Groupmanager = Class.create();
Groupmanager.prototype = Object.extendsObject(AbstractAjaxProcessor, {

    UserDetails: function() {
        var x = this.getParameter('sysparm_usr');
        var grUser = new GlideRecord('sys_user');
        grUser.addQuery('sys_id', x);
        grUser.query();
        if (grUser.next()) {
            var obj = {};
            obj.manager = grUser.manager.toString();
             return JSON.stringify(obj);
        }
    },

    type: 'Groupmanager'
});

 

 

 

To help others (or for me to help you more directly), please mark this response correct by clicking on Accept as Solution and/or Helpful.

 

Thanks, Robbie

 

Best Practice Tip: Client Script Best Practices https://developer.servicenow.com/dev.do#!/guides/utah/now-platform/tpb-guide/client_scripting_techni...