logo

NJP

← Back to News

HR - COE Security Policies - Number of rows removed from this list by Security constraints: 20

Import · Dec 21, 2020 · article

I want to share my experience with HR > COE Security Policies.

When we implement COE Security Policies access restriction will work fine, BUT there is an issue with the User experience.

image

"User cant able see the records and it throws ACL message like above screenshot", User had to navigate to next page to view records which is the worst experience.

Most of us know, we can fix this issue by adding the "Query business rule".

If we have Query business rules in place, what is the point of having COE Security Policies?

Anyway, I just want to share my query business rule for COE Security Policies, it can help some one.

Step 1:

Create a business rule:

image

Step 2:

Add the following script:

(function executeRule(current, previous /*null when async*/) {

    var sysAdmin    =   gs.getUser().hasRole('admin');
    var hrBasic     =   gs.getUser().hasRole('sn_hr_core.basic');
    var hrAdmin     =   gs.getUser().hasRole('sn_hr_core.admin');


    /* Get logged in user COE groups */
    var userCOEGroups = [];
    var grSnHrCoreM2mSecurityPolicyGroup = new GlideRecord('sn_hr_core_m2m_security_policy_group');
    grSnHrCoreM2mSecurityPolicyGroup.addEncodedQuery("groupDYNAMICd6435e965f510100a9ad2572f2b47744");
    grSnHrCoreM2mSecurityPolicyGroup.query();
    while (grSnHrCoreM2mSecurityPolicyGroup.next()) {
        userCOEGroups.push({'sys_id':grSnHrCoreM2mSecurityPolicyGroup.getUniqueValue(),'group':grSnHrCoreM2mSecurityPolicyGroup.getValue('group'),'group_name':grSnHrCoreM2mSecurityPolicyGroup.getDisplayValue('group'),'security_policy':grSnHrCoreM2mSecurityPolicyGroup.getValue('security_policy'),'security_policy_name':grSnHrCoreM2mSecurityPolicyGroup.getDisplayValue('security_policy')})     
    }

    // gs.addInfoMessage(JSON.stringify(userCOEGroups));

    /* Build encode query */
    var userTaskType = '';
    var userCOEs = '';
    if(userCOEGroups){
        if(userCOEGroups.length){
            for (i = 0; i < userCOEGroups.length; i++) {
                // gs.addInfoMessage(i+'----i---and lenght---'+userCOEGroups.length);
                if(i == parseInt(userCOEGroups.length)-1){ //Last record
                    userCOEs += new sn_hr_core.CustomSciptIncludeUtils().getCOEbyAssignmentGroup(userCOEGroups[i].group);   
                    userTaskType += userCOEGroups[i].security_policy_name;
                    }else{
                    userCOEs += new sn_hr_core.CustomSciptIncludeUtils().getCOEbyAssignmentGroup(userCOEGroups[i].group)+',';
                    userTaskType += userCOEGroups[i].security_policy_name+'^ORsys_class_name=';
                }
            }
        }
    }

    //gs.addInfoMessage(userCOEs);

    if(hrBasic && !hrAdmin && !sysAdmin){
        current.addEncodedQuery('assignment_groupDYNAMICd6435e965f510100a9ad2572f2b47744^u_hr_coeIN'+userCOEs+"^sys_class_name="+userTaskType+"^NQwatch_listDYNAMIC90d1921e5f510100a9ad2572f2b477fe");
    }

})(current, previous);
View original source

https://www.servicenow.com/community/developer-articles/hr-coe-security-policies-number-of-rows-removed-from-this-list/ta-p/2314406