08-05-2024 04:50 AM
Hi All,
There is a Service Account with some roles to access most of the tables in the platform.
I want to restrict this account to only fetch records from the last 7 years; if it tries to fetch records from before that, it should not be allowed.
I am testing it with Postman to cross-check.
I tried to set up a read ACL on the [task] table as below:
created relative before 7 years ago
Script:
//Service Account's sysid
answer = false;
if (gs.getUserID() != '62526fa1d701120035ae23c7ce6103c6') {
    answer = true;
}
Still it is not working. I tried to deactivate the other ACLs as well, but from Postman it is still able to fetch the records.
Are the ACLs evaluating on incident table first and then task table? Looks like that is the case.
Also, I have tried Data Filtration: I created a new group, added the service user to this group, and added this group in the Subject condition:
Subject Group is 'New Group created' (Only Service user is added to this group)
Table is task
Condition: Created relative before 7 years ago
After this I tried with Postman again, but the response still comes back with all the details.
Please suggest how to hide those records, thank you.
Mark this as Helpful / Accept the Solution if this helps.
08-05-2024 06:08 AM
Did you try on a specific table such as incident rather than directly at the parent level?
You can also try to use a query Business Rule on the task table and handle this.
If my response helped please mark it correct and close the thread so that it benefits future readers.
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader
08-05-2024 06:11 AM
Have you tried a before query business rule on the task table? All task tables will inherit this one. ACLs aren't inherited.
(function executeRule(current, previous /*null when async*/) {
    // Get the sys_id of the user you want to restrict
    var restrictedUserSysId = '62526fa1d701120035ae23c7ce6103c6';
    // Check if the current user is the restricted service account
    if (gs.getUserID() === restrictedUserSysId) {
        // Calculate the date 7 years ago from today
        var sevenYearsAgo = new GlideDateTime();
        sevenYearsAgo.addYears(-7);
        // Add the filter condition to limit records to the last 7 years
        current.addQuery('sys_created_on', '>=', sevenYearsAgo);
    }
})(current, previous);
Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark
08-05-2024 09:04 AM
Hi @Ankur Bawiskar ,
Yes, I did try on the child table, for example on incident, and when I was querying the same from task it was not showing the record. So it looks like if the ACL allows on the child then it is not checking the parent ACL. My concern was that I would now have to create an ACL for every child table, which I didn't want to do.
Also, I tried the before query BR and it worked. Thank you.
Mark this as Helpful / Accept the Solution if this helps.
08-05-2024 09:04 AM
Thank you Mark, it is working as expected.
Mark this as Helpful / Accept the Solution if this helps.
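
A way to cross-check the restriction from saved Table API response bodies rather than reading them by eye in Postman, as an added example that is not part of the thread. The function names, sample bodies and placeholder sys_ids are constructed here, and it assumes the responses carry sys_created_on as a UTC "YYYY-MM-DD HH:MM:SS" value.

```javascript
// Added example (not from the thread): audit Table API responses fetched as the
// service account for records older than the 7-year window.
const RETENTION_YEARS = 7;

// Parse "YYYY-MM-DD HH:MM:SS" as UTC. Assumption: the request did not ask for
// display values, so sys_created_on comes back in this UTC format.
function parseSnDate(value) {
  const m = /^(\d{4})-(\d{2})-(\d{2}) (\d{2}):(\d{2}):(\d{2})$/.exec(value || '');
  return m ? new Date(Date.UTC(+m[1], +m[2] - 1, +m[3], +m[4], +m[5], +m[6])) : null;
}

// Same boundary as the business rule: sys_created_on >= (now - 7 years) is allowed.
function cutoffDate(now) {
  const cutoff = new Date(now.getTime());
  cutoff.setUTCFullYear(cutoff.getUTCFullYear() - RETENTION_YEARS);
  return cutoff;
}

// Rows that should not have been returned. A row with no parseable
// sys_created_on is reported too, since its age cannot be verified.
function findLeaks(responseBody, now) {
  const cutoff = cutoffDate(now);
  const rows = JSON.parse(responseBody).result || [];
  return rows
    .filter((r) => { const d = parseSnDate(r.sys_created_on); return d === null || d < cutoff; })
    .map((r) => ({ sys_id: r.sys_id, created: r.sys_created_on || null }));
}

// Check each table endpoint separately (task and every child table queried).
function auditTables(bodiesByTable, now) {
  const report = {};
  for (const [table, body] of Object.entries(bodiesByTable)) report[table] = findLeaks(body, now);
  return report;
}

// Constructed sample bodies in the {"result": [...]} shape; sys_ids are placeholders.
const SAMPLE_NOW = new Date('2024-08-05T12:00:00Z');
const SAMPLE_BODIES = {
  task: JSON.stringify({ result: [
    { sys_id: 'aaa1', sys_created_on: '2023-01-10 09:00:00' },
    { sys_id: 'aaa2', sys_created_on: '2017-08-05 12:00:00' } ] }), // exactly on the cutoff
  incident: JSON.stringify({ result: [
    { sys_id: 'bbb1', sys_created_on: '2016-03-01 08:30:00' },
    { sys_id: 'bbb2', sys_created_on: '2020-06-15 10:00:00' } ] }),
  change_request: JSON.stringify({ result: [{ sys_id: 'ccc1' }] }), // field omitted
};

console.log(JSON.stringify(auditTables(SAMPLE_BODIES, SAMPLE_NOW), null, 2));
```

An empty list for every table queried means the filter held for that endpoint; any entry is a record the service account could still read.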