Group Manager and Secondary managers should have access to edit members to the group.

Suresh_32 · ‎02-24-2025

Group Manager and Secondary Manager should have access to edit (add/remove) members to the group(s) they own in UAT, SIT & PREPROD (not in PROD & DEV)

Edit buttton should visible to the group managers and secondary manager in UAT, SIT AND PREPROD not in Dev and Prod instances.

I followed the below link. I was facing issue with secondary manager while doing the testing.

Solved: Group Manager should have access to edit members t... - ServiceNow Community

We found issue while doing testing, If Secondary Manager is having more than one manager, it is not working.

Edit button is not visible for the secondary managers.

I tried with the below code in Omit edit condition, but it is not working, please help me to resolve this issue.

answer = true; // omit it
var instanceName = gs.getProperty('instance_name');

if (instanceName == 'citigroupitsmdev' || instanceName == 'citigroupitsmsit' || instanceName == 'citigroupitsmtest' || instanceName == 'citigroupitsmpreprod') {

if (gs.hasRole('user_admin') || parent.manager == gs.getUserID()) {
answer = false; //Show the 'Edit' button if user has 'user_admin' role or is group manager
}
var secMgr1 = parent.u_secondary_manager;
var secMgr2 = secMgr1.split(',');
for (var i = 0; i < secMgr2.length; i++) {
var secMgr3 = secMgr2[i].toString();
if (secMgr3.trim() == gs.getUserID()) {
answer = false;
}

}
} else {
if (gs.hasRole('user_admin')) {
answer = false;
}
}

Martin Friedel · ‎02-24-2025

Hello,

try this code

answer = true; // Omit button
var instanceName = gs.getProperty('instance_name');

if (instanceName == 'citigroupitsmdev' || instanceName == 'citigroupitsmsit' || instanceName == 'citigroupitsmtest' || instanceName == 'citigroupitsmpreprod') {
    if (gs.hasRole('user_admin') || parent.manager == gs.getUserID()) {
        answer = false; // Show the 'Edit' button if user has 'user_admin' role or is group manager
    }
    var secMgr = parent.u_secondary_manager;
    var secMgrArr = secMgr1.split(',');
	var arrayUtil = new ArrayUtil();
	
	if (arrayUtil.contains(secMgrArr, gs.getUserID())) {
		answer = false; // Show button if user is secondary manager of current group
	}
} else {
    if (gs.hasRole('user_admin')) {
        answer = false;
    }
}

If my solution helped you, please accept it as correct and mark helpful, thank you 👍
Martin

Suresh_32 · ‎02-24-2025

Hi Martin,

The above code is not working, Anything i need to modify in ACL's ?

Please find the below ACL's on sys_user_grmember table.

Read ACL :

var answer = false;

if ((gs.hasRole('user_admin')) || (current.group.manager == gs.getUserID()) || (current.group.u_secondary_manager == gs.getUserID())) {

answer = true;

}

Write ACL:

var answer = false;

if ((gs.hasRole('user_admin')) || (current.group.manager == gs.getUserID()) || (current.group.u_secondary_manager == gs.getUserID())) {

answer = true;

}

Delete ACL :

var answer = false;

if ((gs.hasRole('user_admin')) || (current.group.manager == gs.getUserID()) || (current.group.u_secondary_manager == gs.getUserID())) {

answer = true;

}

Create ACL:

var answer =validate();

function validate(){

if(gs.hasRole('user_admin')){

return true;

}else{

var manager = current.group.manager;

if (manager != '' && manager == gs.getUserID()) { //check in current relationship

return true;

}else { //check in parent relationship

var parentManager = parent.manager;

var parentName = parent.name;

if (parentManager == gs.getUserID()) {

return true;

}

var secondaryManager = current.group.u_secondary_manager;

if (secondaryManager != '' && secondaryManager == gs.getUserID()) { //check in current relationship

return true;

}

else { //check in parent relationship

var parentSecondaryManager = parent.u_secondary_manager;

//var parentName = parent.name;

if (parentSecondaryManager == gs.getUserID()) {

return true;

}

Suresh_32 · ‎02-24-2025

Hi Martin,

The above code is not working, Anything i need to modify in ACL's.

Please find the below ACL's code on sys_user_grmember table .

Read ACL :

var answer = false;

if ((gs.hasRole('user_admin')) || (current.group.manager == gs.getUserID()) || (current.group.u_secondary_manager == gs.getUserID())) {

answer = true;

}

Write ACL :

var answer = false;

if ((gs.hasRole('user_admin')) || (current.group.manager == gs.getUserID()) || (current.group.u_secondary_manager == gs.getUserID())) {

answer = true;

}

Delete ACL :

var answer = false;

if ((gs.hasRole('user_admin')) || (current.group.manager == gs.getUserID()) || (current.group.u_secondary_manager == gs.getUserID())) {

answer = true;

}

Create ACL :

var answer =validate();

function validate(){

if(gs.hasRole('user_admin')){

return true;

}else{

var manager = current.group.manager;

if (manager != '' && manager == gs.getUserID()) { //check in current relationship

return true;

}else { //check in parent relationship

var parentManager = parent.manager;

var parentName = parent.name;

if (parentManager == gs.getUserID()) {

return true;

}

var secondaryManager = current.group.u_secondary_manager;

if (secondaryManager != '' && secondaryManager == gs.getUserID()) { //check in current relationship

return true;

}

else { //check in parent relationship

var parentSecondaryManager = parent.u_secondary_manager;

//var parentName = parent.name;

if (parentSecondaryManager == gs.getUserID()) {

return true;

}