Users with Specific Roles or Managed Group have access to Create, Update and Delete CI Relationships

KoyaJ
Tera Contributor

I have a requirement where users who either have specific roles (u_cmdb_mgmt, asset) or are members of a CI's managed group should be able to create, update, and delete CI relationships in the CMDB.

I've implemented a script that checks for these conditions and enables the relationship (+) button on the CI form. However, when I try to create and submit a new relationship, I receive an error: "User not authorized to add relationships"

Here’s what I’ve done so far:

  • Script checks if the user has the required roles or is part of the CI’s managed group.
  • The (+) button appears as expected.
  • Error occurs when submitting the relationship.

My question:
What additional permissions or ACL configurations are needed to allow these users to create, update, and delete CI relationships? Is there something I’m missing in the script or in the ServiceNow configuration?


Script:

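(function() {

    // Users holding either role are allowed outright; return so the
    // group check below cannot overwrite this result
    if (gs.hasRole('u_cmdb_mgmt') || gs.hasRole('asset'))  {
        answer = true;
        return;
    }
    var userID = gs.getUserID();
    // Otherwise allow only members of the parent CI's managed-by group
    answer = isUserInManagedGroup(current.parent);
    function isUserInManagedGroup(ciSysId) {
        var ci = new GlideRecord('cmdb_ci');
        if (ci.get(ciSysId) && ci.managed_by_group) {
            // Look for a membership row linking this user to the CI's group
            var groupMember = new GlideRecord('sys_user_grmember');
            groupMember.addQuery('group', ci.managed_by_group);
            groupMember.addQuery('user', userID);
            groupMember.query();
            if (groupMember.hasNext()) {
                return true;
            }
        }
        return false;
    }
})();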

I think you should create, read, update, delete ACL for relationship table by including these roles

Please hit like and mark my response as correct if that helps

Bhuvan
Kilo Patron

@KoyaJ 

 

You are trying to add a relationship in the cmdb_rel_ci table; check if the user has the necessary Create/Update/Delete permissions. If not, create ACLs to allow the operations for the role and it should work.


If this helped to answer your query, please mark it helpful & accept the solution.

 

Thanks,

Bhuvan
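
The condition discussed in this thread (role holder, or member of the parent CI's managed group), written as a function an ACL script on cmdb_rel_ci could call to set `answer`. This is an added example, not code from any poster: GlideRecord and gs are replaced by small in-memory stand-ins so it runs offline, and the sys_ids, user IDs and the `canManageRelationship` and `makeGs` names are constructed for illustration.

```javascript
// Constructed sample data standing in for instance tables (hypothetical sys_ids).
const TABLES = {
  cmdb_ci: [
    { sys_id: 'ci1', managed_by_group: 'grpA' },
    { sys_id: 'ci2', managed_by_group: '' },
  ],
  sys_user_grmember: [{ group: 'grpA', user: 'u_member' }],
};

// Minimal in-memory stand-in for the GlideRecord calls used below.
class GlideRecord {
  constructor(table) { this.rows = TABLES[table] || []; this.filters = []; }
  get(sysId) {
    const row = this.rows.find(r => r.sys_id === sysId);
    if (row) Object.assign(this, row);
    return Boolean(row);
  }
  addQuery(field, value) { this.filters.push([field, value]); }
  query() {
    this.hits = this.rows.filter(r => this.filters.every(([f, v]) => r[f] === v));
  }
  hasNext() { return this.hits.length > 0; }
}

// Stand-in for the gs calls the script uses; roles are constructed test data.
function makeGs(userId, roles) {
  return { getUserID: () => userId, hasRole: role => roles.includes(role) };
}

// Returns the value an ACL script would assign to `answer`.
function canManageRelationship(gs, current) {
  // Role holders pass without a group lookup.
  if (gs.hasRole('u_cmdb_mgmt') || gs.hasRole('asset')) return true;
  // Otherwise require membership in the parent CI's managed-by group.
  const ci = new GlideRecord('cmdb_ci');
  // Deny by default: unknown parent CI or no managed-by group set.
  if (!ci.get(current.parent) || !ci.managed_by_group) return false;
  const member = new GlideRecord('sys_user_grmember');
  member.addQuery('group', ci.managed_by_group);
  member.addQuery('user', gs.getUserID());
  member.query();
  return member.hasNext();
}
```

The role branch returns before the group lookup, so a role holder's result cannot be overwritten by a failed membership check.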

KoyaJ
Tera Contributor

KoyaJ_0-1758022163221.png

I have created an ACL and written the custom script. Attached the screenshot.