Restrict ITIL users from accessing tickets with business service "X" unless they created the ticket

j0e matts
Tera Contributor

Hi Everyone,

 

I wanted to create a Business Rule to restrict all ITIL users from accessing tickets with business service "X"; only users who are members of Group X should have visibility of these tickets. Also, if a ticket with business service "X" is created by an ITIL user, he/she should only be able to see his/her own ticket. The tricky part is that the ITIL user should have access to all other tickets except those with business service "X".

I have created the business rule below; however, the ITIL user is only able to see tickets assigned to him, to his group, or tickets he has opened. He is not able to see all other tickets.

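// gs.getUserID() returns the sys_id string; group membership is checked on the gs.getUser() object
var u = gs.getUserID();
if ((!gs.getUser().isMemberOf(current.assignment_group) && current.caller_id != u && current.opened_by != u) && gs.getSession().isInteractive()) {
    // Limits the list to tickets for the user's groups, or where the user is caller, opener or on the watch list
    var q = current.addQuery('assignment_group', getMyGroups()).addOrCondition('caller_id', u).addOrCondition('opened_by', u).addOrCondition("watch_list", "CONTAINS", u);
}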

 

I also created another BR, but this totally restricted the ITIL user from accessing even the ticket he has created.

var grp = current.addNullQuery('business_service').addOrCondition('business_service', '!=', 'X');

 

Thank you very much in advance to those who can help! Appreciate it.

3 REPLIES

Saurav11
Kilo Patron

Hello,

 

In the condition add the below:-

 

gs.getSession().isInteractive() && gs.hasRole("itil")

 

In the BR please add the below line in the condition field:-

 

Add the below code in your BR and change the sys_id to the sys_id of X:-

 

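(function executeRule(current, previous /*null when async*/) {
    gs.addInfoMessage('test'); // debug message
    var u = gs.getUserID();
    // First query: service X tickets opened by the current user; ^NQ starts a second query: tickets whose service is not X
    current.addEncodedQuery('business_service=26e426be0a0a0bb40046890d90059eaa^opened_by=' + u + '^NQbusiness_service!=26e426be0a0a0bb40046890d90059eaa');
})(current, previous);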

 


 

Please mark my answer as correct based on impact.
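Added example, not part of the answer above or of anyone's post in this thread: the visibility rule from the question written as a single OR chain (no ^NQ) with a Group X bypass, plus a small offline evaluator so the expected visible set can be checked on constructed records. SERVICE_X, GROUP_X, the user ids and the sample incidents are placeholders and assumptions; `current` and `gs` are passed in as parameters so the function also runs outside the platform.

```javascript
// Added example. SERVICE_X and GROUP_X are placeholders for the real sys_ids;
// the sample incidents below are constructed.
var SERVICE_X = 'SERVICE_X_SYS_ID';
var GROUP_X = 'GROUP_X_SYS_ID';

// One OR chain: a row is visible when its service is not X,
// its service is empty, or the current user opened it.
function buildVisibilityQuery(userId) {
  return ['business_service!=' + SERVICE_X,
          'business_serviceISEMPTY',
          'opened_by=' + userId].join('^OR');
}

// Body for a before-query business rule. Returns true when a filter was added.
function restrictServiceX(current, gs) {
  if (!gs.getSession().isInteractive() || !gs.hasRole('itil')) return false;
  if (gs.getUser().isMemberOf(GROUP_X)) return false; // Group X sees everything
  current.addEncodedQuery(buildVisibilityQuery(gs.getUserID()));
  return true;
}

// Offline evaluator for the OR chain above (handles =, != and ISEMPTY only).
function matches(rec, encoded) {
  return encoded.split('^OR').some(function (term) {
    var m;
    if ((m = /^(\w+)ISEMPTY$/.exec(term))) return !rec[m[1]];
    if ((m = /^(\w+)!=(.*)$/.exec(term))) return rec[m[1]] !== m[2];
    if ((m = /^(\w+)=(.*)$/.exec(term))) return rec[m[1]] === m[2];
    throw new Error('unsupported term: ' + term);
  });
}

// Constructed incidents: for user_a only INC2 (service X, opened by user_b) is hidden.
var SAMPLE = [
  { number: 'INC1', business_service: SERVICE_X, opened_by: 'user_a' },
  { number: 'INC2', business_service: SERVICE_X, opened_by: 'user_b' },
  { number: 'INC3', business_service: 'SERVICE_Y_SYS_ID', opened_by: 'user_b' },
  { number: 'INC4', business_service: '', opened_by: 'user_b' },
  { number: 'INC5', business_service: 'SERVICE_Y_SYS_ID', opened_by: 'user_a' }
];

// Incident numbers the given user would still see with the filter applied.
function visibleTo(userId) {
  var q = buildVisibilityQuery(userId);
  return SAMPLE.filter(function (r) { return matches(r, q); })
               .map(function (r) { return r.number; });
}
```

On an instance, the same sanity check is a count comparison: with the rule active, the user's record count should drop only by the number of service X tickets opened by someone else.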

Hi,

Thank you very much for your response.

I tested and it seemed to be working; however, there's a discrepancy when I checked the records.

On the Incident table...

Without the BR activated, the ITIL user can see 321,036 incident records.

With BR activated, the ITIL user can see 211,864 incident records.

But there's only 1 ticket with business_service = "X", so the incident records should only be 321,035.

There are 109,172 records that are suddenly missing. hmmmm....

j0e matts
Tera Contributor

Can this be achieved via ACL or User Criteria? ... I have a predecessor developer who was able to achieve this and was able to filter our tickets with business service = "W".

I tested and the ITIL user was able to see only his ticket with business service = W but not other tickets with business service = W, and he is still able to view all other records.

I couldn't find the predecessor's update set, stories, ACLs, or BRs he previously made, so I couldn't trace it back.

I will look into the logs again, but please feel free to comment on where else I should check.

Thanks to those who will reply!
