Group Manager and Secondary managers should have access to edit members to the group.

Suresh_32
Tera Expert

Group Manager and Secondary Manager should have access to edit (add/remove) members to the group(s) they own in UAT, SIT & PREPROD (not in PROD & DEV) 

Edit buttton should visible to the group managers and secondary manager in UAT, SIT AND PREPROD not in Dev and Prod instances.

I followed the below link. I was facing issue with secondary manager while doing the testing.

Solved: Group Manager should have access to edit members t... - ServiceNow Community

 

We found issue while doing testing, If Secondary Manager is having more than one manager, it is not working.

Edit button is not visible for the secondary managers.

I tried with the below code in Omit edit condition, but it is not working, please help me to resolve this issue. 

 

answer = true; // omit it
var instanceName = gs.getProperty('instance_name');

if (instanceName == 'citigroupitsmdev' || instanceName == 'citigroupitsmsit' || instanceName == 'citigroupitsmtest' || instanceName == 'citigroupitsmpreprod') {

    if (gs.hasRole('user_admin') || parent.manager == gs.getUserID()) {
        answer = false; //Show the 'Edit' button if user has 'user_admin' role or is group manager
    }
    var secMgr1 = parent.u_secondary_manager;    
    var secMgr2 = secMgr1.split(',');    
    for (var i = 0; i < secMgr2.length; i++) {        
        var secMgr3 = secMgr2[i].toString();
        if (secMgr3.trim() == gs.getUserID()) {          
            answer = false;
        }

    }
} else {
    if (gs.hasRole('user_admin')) {
        answer = false; 
    }
}

 

 

 

3 REPLIES 3

Martin Friedel
Mega Sage

Hello, 

 

try this code

answer = true; // Omit button
var instanceName = gs.getProperty('instance_name');

if (instanceName == 'citigroupitsmdev' || instanceName == 'citigroupitsmsit' || instanceName == 'citigroupitsmtest' || instanceName == 'citigroupitsmpreprod') {
    if (gs.hasRole('user_admin') || parent.manager == gs.getUserID()) {
        answer = false; // Show the 'Edit' button if user has 'user_admin' role or is group manager
    }
    var secMgr = parent.u_secondary_manager;
    var secMgrArr = secMgr1.split(',');
	var arrayUtil = new ArrayUtil();
	
	if (arrayUtil.contains(secMgrArr, gs.getUserID())) {
		answer = false; // Show button if user is secondary manager of current group
	}
} else {
    if (gs.hasRole('user_admin')) {
        answer = false;
    }
}

 

If my solution helped you, please accept it as correct and mark helpful, thank you 👍
Martin

Hi Martin,

The above code is not working, Anything i need to modify in ACL's ? 

Please find the below ACL's on sys_user_grmember table.

Read ACL :

var answer = false;
if ((gs.hasRole('user_admin')) || (current.group.manager == gs.getUserID()) || (current.group.u_secondary_manager == gs.getUserID())) {
    answer = true;
}
 
Write ACL:
var answer = false;
if ((gs.hasRole('user_admin')) || (current.group.manager == gs.getUserID()) || (current.group.u_secondary_manager == gs.getUserID())) {
    answer = true;
}
 
Delete ACL :
var answer = false;
if ((gs.hasRole('user_admin')) || (current.group.manager == gs.getUserID()) || (current.group.u_secondary_manager == gs.getUserID())) {
    answer = true;
}
 
Create ACL:
var answer =validate();

function validate(){
    if(gs.hasRole('user_admin')){
        return true;
    }else{
        var manager = current.group.manager;
        if (manager != '' && manager == gs.getUserID()) { //check in current relationship
             return true;
         }else { //check in parent relationship
            var parentManager = parent.manager;            
            var parentName = parent.name;
            if (parentManager == gs.getUserID()) {
                return true;
            }
        }
        var secondaryManager = current.group.u_secondary_manager;
        if (secondaryManager != '' && secondaryManager == gs.getUserID()) { //check in current relationship
            return true;
        }
        else { //check in parent relationship            
            var parentSecondaryManager = parent.u_secondary_manager;
            //var parentName = parent.name;
            if (parentSecondaryManager == gs.getUserID()) {
                return true;
            }
        }

    }
}

Suresh_32
Tera Expert

Hi Martin,

The above code is not working, Anything i need to modify in ACL's.

Please find the below ACL's code on sys_user_grmember table .

 

Read ACL : 

 

var answer = false;
if ((gs.hasRole('user_admin')) || (current.group.manager == gs.getUserID()) || (current.group.u_secondary_manager == gs.getUserID())) {
    answer = true;
}
 
Write ACL :
 
var answer = false;
if ((gs.hasRole('user_admin')) || (current.group.manager == gs.getUserID()) || (current.group.u_secondary_manager == gs.getUserID())) {
    answer = true;
}
 
Delete ACL :
 
var answer = false;
if ((gs.hasRole('user_admin')) || (current.group.manager == gs.getUserID()) || (current.group.u_secondary_manager == gs.getUserID())) {
    answer = true;
}
 
Create ACL :
 
var answer =validate();

function validate(){
    if(gs.hasRole('user_admin')){
        return true;
    }else{
        var manager = current.group.manager;
        if (manager != '' && manager == gs.getUserID()) { //check in current relationship
             return true;
         }else { //check in parent relationship
            var parentManager = parent.manager;            
            var parentName = parent.name;
            if (parentManager == gs.getUserID()) {
                return true;
            }
        }
        var secondaryManager = current.group.u_secondary_manager;
        if (secondaryManager != '' && secondaryManager == gs.getUserID()) { //check in current relationship
            return true;
        }
        else { //check in parent relationship            
            var parentSecondaryManager = parent.u_secondary_manager;
            //var parentName = parent.name;
            if (parentSecondaryManager == gs.getUserID()) {
                return true;
            }
        }

    }
}