I have requirement Req and RITM should only visible for admin,particular group for one Catalog item

s_nandhini
Tera Contributor

For this I wrote two query business rules, one each on the REQ and RITM tables, but only the RITM one is working fine.

 

The REQ rule restricts requests for all other catalog items too, not just the one specific item mentioned in the code. Could someone please help me rectify it?

 

Req:

 

(function executeRule(current, previous /*null when async*/ ) {

// Query business rule on the Request (REQ) table, exactly as posted in the question.
// Admins and members of the exempt group return early with no filter added;
// every other user gets the encoded query below appended to the pending query.
var restrictegrp = 'sys_id'; // Restricted group (placeholder for the group's sys_id)
if (gs.hasRole('admin') || gs.getUser().isMemberOf(restrictegrp)) {
return;
}
var userId = gs.getUserID();

var catItemId = 'sys_id'; // Item sys_id

// NOTE(review): in an encoded query `^OR` attaches to the condition directly
// before it, so this reads as
//   opened_by = user AND (item = catItemId OR item != catItemId).
// The bracketed part holds for any item, which leaves opened_by = user as the
// only effective filter: requests for every catalog item end up restricted,
// which matches the symptom described in the post.
// NOTE(review): confirm that a `request_item` reference field exists on the
// request table before dot-walking through it; one request can hold several items.
current.addEncodedQuery('opened_by=' + userId + '^request_item.cat_item=' + catItemId + '^ORrequest_item.cat_item!=' + catItemId);
})(current, previous);

 

RITM:

 

(function executeRule(current, previous /*null when async*/ ) {
    // Query business rule on the RITM table.
    // Users outside the admin role and the exempt group only get rows that are
    // either for a different catalog item or were opened by themselves.
    // NOTE(review): this shapes query results only; read ACLs on the same table
    // are what actually enforce access.
    var exemptGroup = 'sys_id';      // placeholder: sys_id of the group allowed to see the item
    var restrictedItem = 'sys_id';   // placeholder: sys_id of the restricted catalog item

    var isExempt = gs.hasRole('admin') || gs.getUser().isMemberOf(exemptGroup);
    if (!isExempt) {
        var callerId = gs.getUserID();
        // (cat_item != restrictedItem) OR (opened_by = caller)
        current.addQuery('cat_item', '!=', restrictedItem)
            .addOrCondition('opened_by', callerId);
    }
})(current, previous);


vaishali231
Kilo Sage

Hey @s_nandhini 

In the Request (sc_request) table, you are querying through:
request_item.cat_item

But one REQ can contain multiple RITMs, so using:
request_item.cat_item!=catItemId
causes unexpected results and restricts other requests as well.

Your current encoded query:

opened_by=user^request_item.cat_item=catItemId

^ORrequest_item.cat_item!=catItemId

 

Corrected Query BR for REQ:

(function executeRule(current, previous) {
   // Query business rule for the Request (sc_request) table.
   // Placeholders: replace both 'sys_id' strings with the real record sys_ids.
   var restrictegrp = 'sys_id'; // Restricted group
   var catItemId = 'sys_id'; // Restricted catalog item
   var userId = gs.getUserID();
   // Skip restriction for admin or allowed group
   if (gs.hasRole('admin') || gs.getUser().isMemberOf(restrictegrp)) {
       return;
   }
   // Show:
   // 1. All requests NOT containing restricted item
   // 2. Restricted item requests only if opened by current user
   //
   // NOTE(review): the intended grouping is
   //   (item != catItemId) OR (opened_by = user AND item = catItemId);
   // confirm how the platform groups an addCondition() chained onto the OR
   // condition, because the code relies on it producing exactly that shape.
   // NOTE(review): confirm that `request_item` is a real field on sc_request.
   // Since one request can hold several items, a row-level `!=` on an item
   // field cannot by itself express "contains no restricted item".

   var qc = current.addQuery('request_item.cat_item', '!=', catItemId);
   qc.addOrCondition('opened_by', userId)
     .addCondition('request_item.cat_item', catItemId);
})(current, previous);




Regards

Vaishali Singh

Servicenow Developer
Linkedin - https://www.linkedin.com/in/vaishali-singh-2273361bb



Hi,

 

A logged-in user who is not part of the REQ is still able to see the request for the particular catalog item.

 

I need to restrict that user from seeing the REQ and RITM for one particular item.

 

Hey @s_nandhini 

Try this Query BR for sc_request:

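(function executeRule(current, previous) {
   // Query business rule for sc_request.
   // Hides every request that contains the restricted catalog item unless the
   // logged-in user opened it; admins and members of the exempt group see all.
   // Placeholders: replace both 'sys_id' strings with the real record sys_ids.
   var restrictegrp = 'sys_id';
   var catItemId = 'sys_id';
   var userId = gs.getUserID();
   if (gs.hasRole('admin') || gs.getUser().isMemberOf(restrictegrp)) {
       return;
   }
   // A query rule runs once, before any row has been read, so current.sys_id
   // is still empty here and cannot be used for a per-request lookup.
   // Instead, collect up front the requests that contain the restricted item.
   var restrictedReqIds = [];
   var seen = {};
   var ritm = new GlideRecord('sc_req_item');
   ritm.addQuery('cat_item', catItemId);
   // Skip business rules for this internal lookup; otherwise a query rule on
   // sc_req_item would hide the very rows that have to be found.
   ritm.setWorkflow(false);
   ritm.query();
   while (ritm.next()) {
       var reqId = ritm.getValue('request');
       if (reqId && !seen[reqId]) {
           seen[reqId] = true;
           restrictedReqIds.push(reqId);
       }
   }
   // No request contains the item: nothing to hide, leave the query untouched.
   if (restrictedReqIds.length === 0) {
       return;
   }
   // (request holds no restricted item) OR (opened by the logged-in user)
   // NOTE(review): the id list grows with the number of such requests; read
   // ACLs on sc_request remain the actual enforcement point.
   var qc = current.addQuery('sys_id', 'NOT IN', restrictedReqIds.join(','));
   qc.addOrCondition('opened_by', userId);
})(current, previous);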

RITM Query BR:

(function executeRule(current, previous) {
   // Query business rule for sc_req_item.
   // Non-exempt users only get rows for other catalog items, or rows they
   // opened themselves. Replace both 'sys_id' placeholders with real sys_ids.
   var exemptGroupId = 'sys_id';
   var restrictedItemId = 'sys_id';
   var callerId = gs.getUserID();

   var isExempt = gs.hasRole('admin') || gs.getUser().isMemberOf(exemptGroupId);
   if (!isExempt) {
       // `^OR` binds to the clause before it: (cat_item != item) OR (opened_by = caller)
       var otherItemClause = 'cat_item!=' + restrictedItemId;
       var ownRowClause = '^ORopened_by=' + callerId;
       current.addEncodedQuery(otherItemClause + ownRowClause);
   }
})(current, previous);

Best practice is:

Use ACLs on:

  • sc_request
  • sc_req_item

Keep Query BR only for list filtering/UI behavior

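ACLs provide the actual security enforcement; a query business rule only adds filter conditions, and any script that queries with setWorkflow(false) skips it.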

 


Regards

Vaishali Singh

Servicenow Developer
Linkedin - https://www.linkedin.com/in/vaishali-singh-2273361bb



Ankur Bawiskar
Tera Patron

@s_nandhini 

Update the BR on REQ like this:

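(function executeRule(current, previous /*null when async*/ ) {

    // Query business rule for the request (REQ) table.
    // Non-exempt users see their own requests plus every request that does not
    // contain the restricted catalog item. Admins and members of the exempt
    // group are not filtered at all.
    var restrictedGrp = 'YOUR_GROUP_SYS_ID';
    var catItemId = 'YOUR_CAT_ITEM_SYS_ID';
    var userId = gs.getUserID();

    if (gs.hasRole('admin') || gs.getUser().isMemberOf(restrictedGrp)) {
        return;
    }

    // Collect, once per query, the requests that contain the restricted item.
    var reqIds = [];
    var seen = {};
    var ritmGR = new GlideRecord('sc_req_item');
    ritmGR.addQuery('cat_item', catItemId);
    // Skip business rules for this internal lookup so that a query rule on
    // sc_req_item cannot hide the rows being collected.
    ritmGR.setWorkflow(false);
    ritmGR.query();
    while (ritmGR.next()) {
        var reqId = ritmGR.getValue('request');
        // Ignore items without a request and avoid repeating an id when one
        // request holds the restricted item more than once.
        if (reqId && !seen[reqId]) {
            seen[reqId] = true;
            reqIds.push(reqId);
        }
    }

    // No request contains the restricted item, so there is nothing to hide.
    // Adding an opened_by filter here would hide every other user's requests
    // for all catalog items.
    if (reqIds.length === 0) {
        return;
    }

    // (opened by the logged-in user) OR (request holds no restricted item)
    // NOTE(review): the id list grows with the number of such requests; read
    // ACLs on the request table remain the actual enforcement point.
    var qc = current.addQuery('opened_by', userId);
    qc.addOrCondition('sys_id', 'NOT IN', reqIds.join(','));

})(current, previous);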


Regards,
Ankur
Certified Technical Architect  ||  10x ServiceNow MVP  ||  ServiceNow Community Leader