The Now Platform® Washington DC release is live. Watch now!
on 12-10-2020 08:48 PM
Check the Current Logged in Users Role from Client and Server Side
We always come across with concept of Roles available to the user or the Roles assigned to the User. as a system administrator we have the authority from ServiceNow to perform any development activity with “Admin Role.” but sometimes we need to restrict some users and that can be achieved using the ACL i.e. Access Control. The Backbone for the ACL is Role. ServiceNow Provides numerous Out of The Box Roles.
also we can create our custom Roles.one user can have multiple Roles. we are not going into the details of ACL in this Article. The Focus of this Article is how can we check the details of current user like what roles he is carrying or the role which we want, is he having that role or not?
two possible ways for this is to check it at client side or some times for customization or Modules or Application we need to check the Role in server side. both server and client Side needs JavaScript coding for that.
we will see each and every API and Method that are available in ServiceNow with practical use case implemented in my Personal Developer Instance. all these used cases are Implemented in Paris Version.
Section 1.1
Client Side:- ServiceNow Client Scripts runs on user’s Browser. Validation are performed on user side that is on the Browser itself. for that ServiceNow has Provided two important API of GlideUser i.e. g_user and GlideForm i.e. g_form
https://developer.servicenow.com/dev.do#!/reference/api/orlando/client/c_GlideUserAPI
Before we start the use case let me quickly tell you how we can check this.
We are going to perform onload client script on Incident Form. after loading the Incident we will see how the different methods behave differently and shows output. we are going to use GlideForm addInfoMessage() Method. if you want you can go for alert() also.
1.2
Use Case:- When the Incident Form Loads, we can see the current logged in user has particular role or not. The methods will return true or false.
ServiceNow Provides us Four Different Methods under the GlideUser API:-
Now we will discuss one by one about these roles:-
Section 1.3
Methods and its significance
g_user.hasRole(' ') :- this method return true if the current logged in user has the role which we have provided in (' ') section., otherwise false.it will always returns true if the user has the 'admin' role.
g_user.hasRoles():- this method return true if current logged in user has any single role atleast.
g_user.hasRoleExactly(‘ ’):- this method return true if current logged in user has role we which have provided in (' ') section.
g_user.hasRoleFromList(' ',' ',’ ’):- this method return true if current logged in user has admin role or the role/roles from the list which we have provided in (' ') section.
Check the below screen shot which I have implemented in my PDI. Follow the Same Procedure for better understanding. I have logged in as Admin.
Section 1.4
Real Time Implementation for better understanding
We have written one client script that will work as soon as form load. Declared one array named as info which will collect the details of different cases. and then for collective answer we are displaying the outputs collectively in that array object.
Create one onload client script on incident table.
Add the script as given below
Now notice the output that after the form load, you can see the information message shows true four times. check section 1.3 again if you have any query regarding the output message.
Now we will see the use case by impersonating the system. we will log in as Abel Tuter.
Now observe carefully the output window will show the false four times. this is because neither case from our script is getting satisfied by Abel Tuter.
Somebody still may have doubt that how it is possible for the 2nd case.
Check the below screenshot that Abel Tuter is just Normal End User. No other role is given to him.
This is about the Checking Role at client Side. based on this we can restrict or allow users for various operations.
in the Upcoming section we will discuss the Server Side Role Validation:-
2.1
Server Side:- This is the Case where the details of current logged in users are available in the Database. we have to fetch the details using the server side scripting. various techniques are used for server side scripting such as Business Rule, Script Include, Fix Script, Background Script.
Generally, in server side we need to check the Role for Customization of Modules or Application.
if condition is followed with ServeNow Role or Customized Role. based on that “true” or “false” further customizations are performed.
For the Server Side Scripting,the Server Side API global object of GlideSystem i.e, gs object has the methods of check the Roles.
At the server side we have one method called as gs.hasRole()
We can provide multiple role here to check the condition as gs.hasRole(‘ ’,’ ’,’ ’,’ ’);
2.2
Use Case :- as soon as the incident form is updated. we can see, there will be an informative message box that will tell whether current user has the role or not which is mentioned in script else it will tell the user’s name.
For this we have written one Before Update Business Rule which will work on update. we are passing the admin and itil role for our used case.
Let’s create the Business Rule and Scripts. Please follow the same for better understanding
As the I have i.e. current Logged in user having admin and ITIL Role,it is showing us the message.
for admin and itil role condition check, there will be OR operation in between both conditions.
Now we will Test this by impersonating with Abel Tuter. as discussed earlier. Abel Tuter is normal user,so the condition false and it shows that in the error message box.
This is the simple used case that we have implemented successfully. depends on requirement please select the adequate methods from the client side or server side.
Note:- for the beginners, there is one question in ServiceNow ITSM or System Administrator interview being always asked, "what is the difference between these Roles."
Please Read the Article, make sure you don’t get confuse. implement this in your PDI with different test cases.
also refer one of my ServiceNow Community answer Related to this:-
Link of my Other Article
Thanks !
Nice Summary 🙂
Hi
Nice Practically Implemented Article.
The details are very helpful Gaurav. Thanks
Very well explained and userful article. Thanks Gaurav !
Good explanation.... Helpful..
I commend you for your thorough work.
Well explained, really helpful.
Very informative, really helpful Article.
Useful Information... Thank you
Thanks, Gaurav. Very helpful.
thanks for sharing the knowledge its very useful and helpful
very helpful
Thanks Gaurav for brief explanation.
This is great explaination !!
Nice Explained, really useful content.
Thanks for this well explained article!
Thanks.
Please Mark Helpful.
also visit this one more below article written by me.
Thanks
Nice explanation!..
Same practiced in PDI 🙂
Thanks,
Murthy
Well, explanation with Practically Implement.
Thanks
Good Helpful!
Great Article, Thank you so much :))
Nice summary
hats off !
Explanation is very useful, but I would like to see this extended to include a specific discussion of snc_external, the role that is not a role. See KB0711977.
Cause: hasRoles() method returns false because the system considers external users to be without a role.
Resolution: This behavior is expected. snc_external or sn_customerservice.customer is a special role which is used to indicate a user is an external user. getRole() for an external user always return false since by definition an external user has no role on an instance.
Hello
Sure will add more views on this for snc_external
Gaurav Shirsat : ServiceNow Community MVP 2022
https://www.linkedin.com/in/gauravshirsat/
Very helpful, Thank you for creating such a nice article 👍
Very nicely explained with good examples