Skip to main content

ServiceNow ACL role 'nobody' role - why can't you access it? and workaround

the answer is that this is a level higher than even elevated privilege - MAINT - which only ServiceNow have not the local instance admins. Will be interesting to see if ServiceNow addresses this in future releases to open up the role to sys_admins

WORKAROUND: can add a custom UI action to enable adding this 




 condition: gs.hasRole('admin')

script:

gs.getSession().setStrictQuery(true); var nobody_role = gs.getProperty('role_nobody'); var acl_role_rel = new GlideRecord('sys_security_acl_role'); acl_role_rel.get('sys_security_acl', current.sys_id); if (acl_role_rel) { acl_role_rel.sys_user_role = nobody_role; acl_role_rel.update(); } action.setRedirectURL(current);

 

 

 

 

(ServiceNow)

(Courtesy of Mohammad Nassar)

Comments

  1. Nya Valdez4 November 2022 at 20:55

    I had no idea that this role even exists!! This is such a great article, thank you so much for sharing!!

    ReplyDelete
  2. Ruen Smith12 January 2023 at 15:15

    sure! thanks for feedback

    ReplyDelete

Post a Comment

Popular posts from this blog

URL link in addInfoMessage

var ga=new GlideAjax('gld_HR_ajax'); ga.addParam('sysparm_name', 'checkEmployeeNumber_hrProfile'); ga.addParam('sysparm_hrprofilenumber', g_form.getValue('number')); ga.addParam('sysparm_employeenumber', newValue); ga.getXMLAnswer(function(answer) { if (answer!='undefined' && answer!=''){ var navURL="<a style='text-decoration:underline;color:blue' href=hr_profile.do?sysparm_query=number=" + answer + ">" + answer + "</a><img width='3' src='images/s.gif'/>"; var sMsg='The employee number entered already exists on another HR Profile ' + navURL; //alert(sMsg); g_form.showErrorBox('employee_number', 'error - please check'); g_form.addInfoMessage(sMsg); } });
2 comments
Read more

GlideRecord setValue

setValue(String name, Object value) Sets the specified field to the specified value. Normally a script would do a direct assignment, for example,  gr.category = value . However, if in a script the element name is a variable, then  gr.setValue(elementName, value)  can be used. When setting a value, ensure the data type of the field matches the data type of the value you enter. This method cannot be used on journal fields. If the value parameter is null, the record is not updated, and an error is not thrown https://developer.servicenow.com/app.do#!/api_doc?v=madrid&id=r_GlideRecord-setValue_String_Object
2 comments
Read more