Restrict access

  • Release version: Xanadu
  • Updated August 1, 2024
  • 2 minutes to read

    • Service Catalog enables an administrator to grant or deny access to a service catalog item or category by company, department, group, user, or location.

    Before you begin

    Role required: admin

    Procedure

    1. Navigate to All > Service Catalog > Maintain Items or Service Catalog > Maintain Categories.
    2. Open the relevant catalog item or category.
    3. Configure the form to add the appropriate Available or Not available lists.
      Figure 1. Access Control
      access control
    4. Add the companies, departments, groups, users, or locations to the appropriate list.
    5. Click Update.

    Restrict access by role

    By default, individual catalog items and categories do not have access restrictions.

    Before you begin

    Role required: admin

    About this task

    Administrators can grant or deny access to a service catalog item or category based on role.

    Procedure

    1. Navigate to All > Service Catalog > Maintain Items or Service Catalog > Maintain Categories.
    2. Open the relevant catalog item or category.
    3. Add the required roles to the Roles field.
      You can, if needed, Configure the form or change to Default View to see the Roles field.
      Figure 2. Roles Granted
      roles granted

    Restrict access by a script

    Service Catalog enables you to control access to a service catalog item or category with a custom script.

    Before you begin

    Role required: admin

    Procedure

    1. Navigate to All > Service Catalog > Maintain Items or Service Catalog > Maintain Categories.
    2. Open the relevant catalog item or category.
    3. Configure the form to add the Entitlement Script field.
      Figure 3. Entitlement Script
      entitlement script
    4. In the Entitlement Script field, enter the access control script.

      Sample Scripts:

      The following example script grants access to a catalog item named French Blackberry to users with a language of Fr (French):
      gs.log ( 'Running Entitlement script for French Blackberry' ) ;
 
 if (gs. getUser ( ). getLanguage ( ) == 'fr' ) 
    answer = true ; else 
    answer = false ;
 
answer ;
      The following example script could be used to distinguish between two categories of users (one with full access and one with restricted access) on the catalog of services:
      var userid  = gs. getUserID ( ) ; var now_GR  = new GlideRecord ( 'sys_user' ) ; 
now_GR. get ( 'sys_id' , userid ) ; 
 
 if (now_GR. source )
    answer = true ; else
    answer = false ; 
 
answer ;
      Overriding Entitlement Scripts by Role
      1. Navigate to Service Catalog > Properties.
      2. Enter the roles for which to override the entitlement script (grant access) in the property List of roles (comma-separated) that can override normal entitlement checking inside the catalog. An itil role of "itil" means that the itil role can order any catalog item, even one protected by entitlement restrictions.