Skip to main content

ServiceNow ACL role 'nobody' role - why can't you access it? and workaround

the answer is that this is a level higher than even elevated privilege - MAINT - which only ServiceNow have not the local instance admins. Will be interesting to see if ServiceNow addresses this in future releases to open up the role to sys_admins

WORKAROUND: can add a custom UI action to enable adding this 




 condition: gs.hasRole('admin')

script:

gs.getSession().setStrictQuery(true); var nobody_role = gs.getProperty('role_nobody'); var acl_role_rel = new GlideRecord('sys_security_acl_role'); acl_role_rel.get('sys_security_acl', current.sys_id); if (acl_role_rel) { acl_role_rel.sys_user_role = nobody_role; acl_role_rel.update(); } action.setRedirectURL(current);

 

 

 

 

(ServiceNow)

(Courtesy of Mohammad Nassar)

Comments

  1. Nya Valdez4 November 2022 at 20:55

    I had no idea that this role even exists!! This is such a great article, thank you so much for sharing!!

    ReplyDelete
  2. Ruen Smith12 January 2023 at 15:15

    sure! thanks for feedback

    ReplyDelete

Post a Comment

Popular posts from this blog

ServiceNow check for null or nil or empty (or not)

Haven't tested these all recently within global/local scopes, so feel free to have a play! option 1 use an encoded query embedded in the GlideRecord , e.g.  var grProf = new GlideRecord ( 'x_cls_clear_skye_i_profile' ); grProf . addQuery ( 'status=1^ owner=NULL ' ); grProf . query (); even better use the glideRecord  addNotNullQuery or addNullQuery option 2 JSUtil.nil / notNil (this might be the most powerful. See this link ) example: if ( current . operation () == 'insert' && JSUtil . notNil ( current . parent ) && ! current . work_effort . nil ())  option 3 there might be times when you need to get inside the GlideRecord and perform the check there, for example if the code goes down 2 optional routes depending on null / not null can use gs.nil : var grAppr = new GlideRecord ( 'sysapproval_approver' ); var grUser = new GlideRecord ( 'sys_user' ); if ( grUser . get ( 'sys_id' , current . approver )){...
Post a Comment
Read more

Code a pause/wait - gs.sleep or gs.wait alternative, pause script for specified seconds (timer)

Code a pause/wait - gs.sleep / gs.wait alternative, pause script for specified seconds (timer)  e.g. 10 seconds: do_sleep ( 10000 ); function do_sleep ( milliseconds ) { var start = new Date (). getTime (); for ( var i = 0 ; i < 1e7 ; i ++) { if (( new Date (). getTime () - start ) > milliseconds ){ gs . print ( 'waking up!' ); break ; } } }
Post a Comment
Read more