- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Tuesday
We have purchased and installed a new application that is in its own scope. I have been asked if several users can have access to view and edit the Business Rules that are on that scope only.
I have created a custom role and applied this to the Business Rule table, but it is not working.
I suspect I am going about this wrong - can anyone help please?
Thanks
Dan
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Tuesday
Would it be good practice, to give these users the BR admin role and then creating another role BR_application - that is excluded using a Query Business rule to only the BRs in the application?
if (gs.hasRole('business_rule_editor_myapp') && !gs.hasRole('admin') && gs.getSession().isInteractive())
{
var q = current.addQuery('sys_scope=c0457e154fd283002fc1e9628110c7cf');
}
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Tuesday
Hi @Dan Brown2
- The Business Rule [sys_script] table is global/system-level metadata – it’s not just a normal table you can ACL by scope.
- Simply creating a role and adding it to ACLs on sys_script won’t work because ServiceNow also enforces application scope security and App Engine Studio delegation.
- By default, only admins or users with script-related elevated privileges can view/edit business rules.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Tuesday
so the ACL on Business rule table is created in which scope?
what debugging did you do?
If there are multiple Table.None WRITE ACL on Business rule table and even if any 1 allows then access will be granted.
If my response helped please mark it correct and close the thread so that it benefits future readers.
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Tuesday
Ok thanks both for our replies - this has helped.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Tuesday
Would it be good practice, to give these users the BR admin role and then creating another role BR_application - that is excluded using a Query Business rule to only the BRs in the application?
if (gs.hasRole('business_rule_editor_myapp') && !gs.hasRole('admin') && gs.getSession().isInteractive())
{
var q = current.addQuery('sys_scope=c0457e154fd283002fc1e9628110c7cf');
}