Skip to main content

ServiceNow ACL role 'nobody' role - why can't you access it? and workaround

the answer is that this is a level higher than even elevated privilege - MAINT - which only ServiceNow have not the local instance admins. Will be interesting to see if ServiceNow addresses this in future releases to open up the role to sys_admins

WORKAROUND: can add a custom UI action to enable adding this 




 condition: gs.hasRole('admin')

script:

gs.getSession().setStrictQuery(true); var nobody_role = gs.getProperty('role_nobody'); var acl_role_rel = new GlideRecord('sys_security_acl_role'); acl_role_rel.get('sys_security_acl', current.sys_id); if (acl_role_rel) { acl_role_rel.sys_user_role = nobody_role; acl_role_rel.update(); } action.setRedirectURL(current);

 

 

 

 

(ServiceNow)

(Courtesy of Mohammad Nassar)

Comments

  1. I had no idea that this role even exists!! This is such a great article, thank you so much for sharing!!

    ReplyDelete

Post a Comment

Popular posts from this blog

URL link in addInfoMessage

var ga=new GlideAjax('gld_HR_ajax'); ga.addParam('sysparm_name', 'checkEmployeeNumber_hrProfile'); ga.addParam('sysparm_hrprofilenumber', g_form.getValue('number')); ga.addParam('sysparm_employeenumber', newValue); ga.getXMLAnswer(function(answer) { if (answer!='undefined' && answer!=''){ var navURL="<a style='text-decoration:underline;color:blue' href=hr_profile.do?sysparm_query=number=" + answer + ">" + answer + "</a><img width='3' src='images/s.gif'/>"; var sMsg='The employee number entered already exists on another HR Profile ' + navURL; //alert(sMsg); g_form.showErrorBox('employee_number', 'error - please check'); g_form.addInfoMessage(sMsg); } });

GlideRecord setValue

setValue(String name, Object value) Sets the specified field to the specified value. Normally a script would do a direct assignment, for example,  gr.category = value . However, if in a script the element name is a variable, then  gr.setValue(elementName, value)  can be used. When setting a value, ensure the data type of the field matches the data type of the value you enter. This method cannot be used on journal fields. If the value parameter is null, the record is not updated, and an error is not thrown https://developer.servicenow.com/app.do#!/api_doc?v=madrid&id=r_GlideRecord-setValue_String_Object