How to Restrict 7 years ago data to a Service Account

Go to solution
SN_Learn
Kilo Patron
Kilo Patron

‎08-05-2024 04:50 AM

Hi All,

 

There is a Service Account with some roles to access to almost most of the tables in platform.

I want to restrict this account to only fetch records of last 7 years, if trying to fetch before that then it will not allow.

I am testing it with postman to cross check.

 

I tried to setup read ACL on [task] table as below:

created relative before 7 years ago

Script:

//Service Account's sysid

answer = false;
if (gs.getUserID() != '62526fa1d701120035ae23c7ce6103c6') {
    answer = true;
}

 

Still it is not working. I tried to deactivate the other ACLs as well but still from postman it is able to fetch the records.

Are the ACLs evaluating on incident table first and then task table? Looks like that is the case.

 

Also, I have tried the Data  Filtration... created a new group add the service user to this group and added this group in the Subject condition:

Subject Group is 'New Group created' (Only Service user is added to this group)

Table is task

Condition: Created relative before 7 years ago

 

after this I tried with Postman again, but still the response is coming up with all the details.

 

Please suggest how to hide those records, thank you.

----------------------------------------------------------------
Mark this as Helpful / Accept the Solution if this helps.
0 Helpfuls
  • 485 Views
2 ACCEPTED SOLUTIONS

Go to solution
Ankur Bawiskar
Tera Patron
Tera Patron

‎08-05-2024 06:08 AM

@SN_Learn 

Did you try on specific table such as incident rather than directly at parent level?

you can also try to use query Business rule on task table and handle this

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader

View solution in original post

0 Helpfuls

Go to solution
Mark Manders
Mega Patron

‎08-05-2024 06:11 AM

Have you tried a before query business rule on the task table? All task tables will inherit this one. ACL's aren't inherited.

(function executeRule(current, previous /*null when async*/) {
    // Get the sys_id of the user you want to restrict
    var restrictedUserSysId = '62526fa1d701120035ae23c7ce6103c6';

    // Check if the current user is the restricted service account
    if (gs.getUserID() === restrictedUserSysId) {
        // Calculate the date 7 years ago from today
        var sevenYearsAgo = new GlideDateTime();
        sevenYearsAgo.addYears(-7);

        // Add the filter condition to limit records to the last 7 years
        current.addQuery('sys_created_on', '>=', sevenYearsAgo);
    }

})(current, previous);

 


Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark

View solution in original post

0 Helpfuls
4 REPLIES 4

Go to solution
Ankur Bawiskar
Tera Patron
Tera Patron

‎08-05-2024 06:08 AM

@SN_Learn 

Did you try on specific table such as incident rather than directly at parent level?

you can also try to use query Business rule on task table and handle this

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader
0 Helpfuls

Go to solution
SN_Learn
Kilo Patron
Kilo Patron
In response to Ankur Bawiskar

‎08-05-2024 09:04 AM

Hi @Ankur Bawiskar ,

 

Yes, I did try on the child table, for example: on incident and when I was querying the same from task it was not showing the record. So, looks like if the ACL allows on child then it is not checking the parent ACL. My concern was that I have to now create ACL for every child table which I didn't want to.

 

Also, I tried the before query BR and it worked. Thank you.

----------------------------------------------------------------
Mark this as Helpful / Accept the Solution if this helps.
0 Helpfuls

Go to solution
Mark Manders
Mega Patron

‎08-05-2024 06:11 AM

Have you tried a before query business rule on the task table? All task tables will inherit this one. ACL's aren't inherited.

(function executeRule(current, previous /*null when async*/) {
    // Get the sys_id of the user you want to restrict
    var restrictedUserSysId = '62526fa1d701120035ae23c7ce6103c6';

    // Check if the current user is the restricted service account
    if (gs.getUserID() === restrictedUserSysId) {
        // Calculate the date 7 years ago from today
        var sevenYearsAgo = new GlideDateTime();
        sevenYearsAgo.addYears(-7);

        // Add the filter condition to limit records to the last 7 years
        current.addQuery('sys_created_on', '>=', sevenYearsAgo);
    }

})(current, previous);

 


Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark
0 Helpfuls

Go to solution
SN_Learn
Kilo Patron
Kilo Patron
In response to Mark Manders

‎08-05-2024 09:04 AM

Thank you Mark it is working as expected.

----------------------------------------------------------------
Mark this as Helpful / Accept the Solution if this helps.
0 Helpfuls