Read, write and report ACL will be created for assignment group type= IT Service

Pratiksha KC
Tera Guru

I want to create a Read, write and report ACL for assignment group type= IT Service, Exception: Admin

 

When agent selects any other Category/Subcategory, but the ticket is assigned to a group of type: IT Service, the ticket should ONLY be visible for members of groups that have type: IT Service.

 

I have created a read and write ACL: incident.*

 

script - 

answer = false; // Deny by default

// Always allow admin
if (gs.hasRole('admin')) {
  answer = true;
} else if (current.assignment_group) {
  var group = current.assignment_group.getRefRecord();

  if (group.isValidRecord()) {
    if (group.getValue('type') == 'fb1b6d20c3612e1052a8f8bc7a01315c') {
      var gr = new GlideRecord('sys_user_grmember');
      gr.addQuery('user', gs.getUserID());
      gr.addQuery('group.type', 'fb1b6d20c3612e1052a8f8bc7a01315c'); // sys_id of type - IT Service
      gr.query();
      answer = gr.hasNext();
    } else {
      answer = true;
    }
  }
}
 

 

2 ACCEPTED SOLUTIONS

Chaitanya ILCR
Mega Patron

Hi @Pratiksha KC ,

 

Use a deny-unless type ACL or a query BR for this.

Deny-unless ACL:

Replace itil with IT Services in the condition.


script

answer = gs.hasRole('admin') || gs.getUser().isMemberOf(current.getValue('assignment_group'));

 

Please mark my answer as helpful/correct if it resolves your query.

Regards,
Chaitanya

 


Pratiksha KC
Tera Guru

Thanks for the replies, @Chaitanya ILCR, @Ankur Bawiskar, @Rakesh18081.

It simply worked with the applies-to condition. Got the solution.

 


9 REPLIES

@Pratiksha KC 

If some ACL is allowing, then your ACL, even if it blocks, won't work.

Ensure only 1 table-level ACL is there and it's the one which you will work on.

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader
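
The point above about another ACL allowing access, and the deny-unless ACL with a condition from the accepted solution, shown as an added example that is not from any post in this thread. It is a simplified model in plain JavaScript, not ServiceNow code: the evaluation rule, the pre-existing itil allow ACL, and all users, groups and records are assumptions constructed for illustration.

```javascript
// Simplified model of table-level ACL evaluation; not ServiceNow code.
// Assumption: access needs at least one passing allow ACL AND every
// applicable deny-unless ACL to pass. An ACL applies to a record only
// when its condition matches.
const IT_SERVICE = 'it_service'; // constructed stand-in for the type sys_id

// Constructed sample data.
const groups = {
  g_it: { type: IT_SERVICE, members: ['alice'] },
  g_desk: { type: 'other', members: ['bob'] },
};
const users = {
  alice: { roles: ['itil'] },
  bob: { roles: ['itil'] },
  root: { roles: ['admin'] },
};

const hasRole = (u, r) => users[u].roles.includes(r);
const isMemberOf = (u, g) => Boolean(groups[g]) && groups[g].members.includes(u);
const isItService = (rec) =>
  Boolean(groups[rec.assignment_group]) && groups[rec.assignment_group].type === IT_SERVICE;

// Pre-existing allow ACL (assumed): itil and admin users can read incidents.
const allowItil = { decision: 'allow', condition: () => true,
  script: (u) => hasRole(u, 'itil') || hasRole(u, 'admin') };

// The restriction added as one more allow ACL.
const restrictAsAllow = { decision: 'allow', condition: () => true,
  script: (u, rec) => hasRole(u, 'admin') || !isItService(rec) ||
    isMemberOf(u, rec.assignment_group) };

// The same restriction as deny-unless, applied only to IT Service groups.
const restrictAsDenyUnless = { decision: 'deny-unless', condition: isItService,
  script: (u, rec) => hasRole(u, 'admin') || isMemberOf(u, rec.assignment_group) };

function canRead(user, record, acls) {
  const applicable = acls.filter((a) => a.condition(record));
  const passes = (a) => a.script(user, record);
  const denyOk = applicable.filter((a) => a.decision === 'deny-unless').every(passes);
  const allowOk = applicable.filter((a) => a.decision === 'allow').some(passes);
  return denyOk && allowOk;
}

const itTicket = { assignment_group: 'g_it' }; // constructed records
const deskTicket = { assignment_group: 'g_desk' };
console.log('allow only, bob reads IT ticket:',
  canRead('bob', itTicket, [allowItil, restrictAsAllow]));
console.log('deny-unless, bob reads IT ticket:',
  canRead('bob', itTicket, [allowItil, restrictAsDenyUnless]));
```

In the model, the restriction written as an allow ACL changes nothing while the itil ACL still passes; only the deny-unless form removes access for non-members, and its condition leaves tickets in other group types untouched.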

Rakesh18081
Tera Expert

Try the below code in the Read ACL. If this doesn't work, try a Query business rule and check Access Analyzer to understand which ACL is providing the access to the user.

gs.getUser().isMemberOf(current.assignment_group) && current.assignment_group.group_type == 'IT Service'

 

Using Access Analyzer

 

If my response helped, please mark it correct and close the thread so that it benefits future readers.

Regards
Rakesh

Hi @Pratiksha KC ,

I have shared almost the same thing (deny-unless type and condition). If you feel that my post could be helpful for you in solving your issue, could you please mark it as helpful and accept it as a solution (you can accept multiple solutions 🙂)?

 

 

Please mark my answer as helpful/correct if it resolves your query.

Regards,
Chaitanya