Skip to main content

ServiceNow ACL role 'nobody' role - why can't you access it? and workaround

the answer is that this is a level higher than even elevated privilege - MAINT - which only ServiceNow have not the local instance admins. Will be interesting to see if ServiceNow addresses this in future releases to open up the role to sys_admins

WORKAROUND: can add a custom UI action to enable adding this 




 condition: gs.hasRole('admin')

script:

gs.getSession().setStrictQuery(true); var nobody_role = gs.getProperty('role_nobody'); var acl_role_rel = new GlideRecord('sys_security_acl_role'); acl_role_rel.get('sys_security_acl', current.sys_id); if (acl_role_rel) { acl_role_rel.sys_user_role = nobody_role; acl_role_rel.update(); } action.setRedirectURL(current);

 

 

 

 

(ServiceNow)

(Courtesy of Mohammad Nassar)

Comments

  1. I had no idea that this role even exists!! This is such a great article, thank you so much for sharing!!

    ReplyDelete

Post a Comment

Popular posts from this blog

Get URL Parameter - server side script (portal or classic UI)

Classic UI : var sURL_editparam = gs . action . getGlideURI (). getMap (). get ( ' sysparm_aparameter ' ); if ( sURL_editparam == 'true' ) { gs . addInfoMessage ( 'parameter passed ); } Portal : var sURL_editparam = $sp . getParameter ( " sysparm_aparameter " ); if ( sURL_editparam == 'true' ) { gs . addInfoMessage ( 'parameter passed ); }

ServiceNow - script include: build up the results as a JSON object (array) - example 2

function call var sCurrentGroupMembers = new <script_include> (). getGroupMembers ( group_sysid ); gs . print ( 'sCurrentGroupMembers:' + sCurrentGroupMembers ); var oGroupMembers = JSON . parse ( sCurrentGroupMembers ); gs . print ( JSON . stringify ( oGroupMembers . users )); oNewGroupMember = JSON . parse ( group_members ); var oGroupConfig = getGroupDeltas ( oGroupMembers . users , oNewGroupMember ); gs . print ( JSON . stringify ( oGroupConfig . remove )); gs . print ( JSON . stringify ( oGroupConfig . add )) output : *** Script: sCurrentGroupMembers: {"manager":"3b2649efdb0f8c10cc0652f3f39xxxxx", "email":"", "type":"33a2226edb99c340edfc7cbdae96xxxx", "description":"Created for xyz", "users":[{"user":"3b2649efdb0f8c10cc0652f3f396xxxx"},{"user":"856a8f71db3d73041b4ffc45ae96196a"},{"user":"3752771