The Now Platform® Washington DC release is live. Watch now!

Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Can I restrict view of application module based on an attribute?

Go to solution
robpickering
ServiceNow Employee
ServiceNow Employee

‎10-24-2014 12:27 PM

I would like to restrict visibility of an Application Module based on an attribute on the sys_user table, rather than by role.

Is that possible?

I know I could create a new role and assign it to everyone I need to, but I'd prefer to use an existing attribute "u_is_manager" on my sys_user table.

-Rob

Labels:
0 Helpfuls
  • 4,153 Views
1 ACCEPTED SOLUTION

Go to solution
Michael Ritchie
ServiceNow Employee
ServiceNow Employee
In response to Michael Ritchie

‎10-26-2014 03:33 PM

OK here is some example code that may work for you.



  1. Add a new field to the sys_app_module table called Visibility (u_visibility in the database).   In my example I made it a choice with 3 values: manager, nonmanager, both.
  2. Set the appropriate values on the modules according to your requirements.
  3. Create a new business rule: System Definition\Business Rules
  4. Name: Navigation Query - or whatever you want to call it
  5. Table: Module (sys_app_module)
  6. Check Active and Advanced checkboxes
  7. When to Run: Before
  8. Check Query Box
  9. Script See below
if(!gs.hasRole("admin") && gs.getSession().isInteractive() && gs.getUserName() != "guest"){



       var qc = current.addQuery('u_visibility', "both");



       qc.addOrCondition('u_visibility', '');



       if (gs.getImpersonatingUserName() != null) {



               gs.getSession().clearClientData('navQuery');



       }



       var navQuery = gs.getSession().getClientData('navQuery');



       if (navQuery == null) {



               var isManager = gs.getUser().getRecord().getValue('u_is_manager');



               if (!isManager) {



                       qc.addOrCondition('u_visibility', 'nonmanager');



                       gs.getSession().putClientData('navQuery', 'nonmanager');



               } else {



                       qc.addOrCondition('u_visibility', 'manager');



                       gs.getSession().putClientData('navQuery', 'manager');



               }



       } else {



               qc.addOrCondition('u_visibility', navQuery);



       }



}


Explanation of the above:


  • Before query business rules are like ACLs where they can restrict access to data.   They are basically filters that are applied when a user does a query.
  • This code doesn't run if you have the admin role, if this is a web service (nonInteractive), or if the user is guest (meaning the login screen)
  • So the query doesn't run all the time, I am putting the Is Manager value into a Session variable called navQuery and use it instead of the lookup each time
  • It adds filters for the Visibility setting first and then I check to see if an admin user is impersonating someone and if so I am clearing the Session value
  • If the session value isn't set, it does a lookup to see if the user is a manager or not and sets the appropriate condition and sets the session variable.


Hopefully this makes sense.   Please reply if not as I am happy to answer questions.   I am traveling a little this week so my responses could be delayed.


View solution in original post

6 REPLIES 6

Go to solution
Kalaiarasan Pus
Giga Sage

‎10-24-2014 12:33 PM

not sure if that's possible currently ...


0 Helpfuls

Go to solution
Michael Ritchie
ServiceNow Employee
ServiceNow Employee

‎10-25-2014 03:14 PM

This is definitely possible and something I have done.   Unfortunately I don't have time to provide detailed specifics at the moment, but to summarize the solution you utilize a before query business rule on the sys_app_module table.   What I had done was created a new field on the sys_app_module table called "Visibility" and had a few choices such A, B, Both.   Then in the before query business rule I looked up a value from the user or some other record to know which visibility choice to use and either filtered the modules appropriately.



Here are some example before query business rules:


Useful Task Scripts - ServiceNow Wiki



I will post some example code later.


0 Helpfuls

Go to solution
Michael Ritchie
ServiceNow Employee
ServiceNow Employee
In response to Michael Ritchie

‎10-26-2014 03:33 PM

OK here is some example code that may work for you.



  1. Add a new field to the sys_app_module table called Visibility (u_visibility in the database).   In my example I made it a choice with 3 values: manager, nonmanager, both.
  2. Set the appropriate values on the modules according to your requirements.
  3. Create a new business rule: System Definition\Business Rules
  4. Name: Navigation Query - or whatever you want to call it
  5. Table: Module (sys_app_module)
  6. Check Active and Advanced checkboxes
  7. When to Run: Before
  8. Check Query Box
  9. Script See below
if(!gs.hasRole("admin") && gs.getSession().isInteractive() && gs.getUserName() != "guest"){



       var qc = current.addQuery('u_visibility', "both");



       qc.addOrCondition('u_visibility', '');



       if (gs.getImpersonatingUserName() != null) {



               gs.getSession().clearClientData('navQuery');



       }



       var navQuery = gs.getSession().getClientData('navQuery');



       if (navQuery == null) {



               var isManager = gs.getUser().getRecord().getValue('u_is_manager');



               if (!isManager) {



                       qc.addOrCondition('u_visibility', 'nonmanager');



                       gs.getSession().putClientData('navQuery', 'nonmanager');



               } else {



                       qc.addOrCondition('u_visibility', 'manager');



                       gs.getSession().putClientData('navQuery', 'manager');



               }



       } else {



               qc.addOrCondition('u_visibility', navQuery);



       }



}


Explanation of the above:


  • Before query business rules are like ACLs where they can restrict access to data.   They are basically filters that are applied when a user does a query.
  • This code doesn't run if you have the admin role, if this is a web service (nonInteractive), or if the user is guest (meaning the login screen)
  • So the query doesn't run all the time, I am putting the Is Manager value into a Session variable called navQuery and use it instead of the lookup each time
  • It adds filters for the Visibility setting first and then I check to see if an admin user is impersonating someone and if so I am clearing the Session value
  • If the session value isn't set, it does a lookup to see if the user is a manager or not and sets the appropriate condition and sets the session variable.


Hopefully this makes sense.   Please reply if not as I am happy to answer questions.   I am traveling a little this week so my responses could be delayed.


Go to solution
Michael Ritchie
ServiceNow Employee
ServiceNow Employee
In response to Michael Ritchie

‎11-03-2014 05:29 PM

Rob Pickering, curious if the above code addressed your requirement?


0 Helpfuls