servicenow assignment group is one of my groups

• Stack Overflow for Teams Where developers & technologists share private knowledge with coworkers
• Advertising & Talent Reach devs & technologists worldwide about your product, service or employer brand
• OverflowAI GenAI features for Teams
• OverflowAPI Train & fine-tune LLMs
• Labs The future of collective knowledge sharing
• About the company Visit the blog

Collectives™ on Stack Overflow

Find centralized, trusted content and collaborate around the technologies you use most.

Q&A for work

Connect and share knowledge within a single location that is structured and easy to search.

Get early access and see previews of new features.

Populate Assignment group based on service offering and location in servicenow

I want to update the assignment group to a particular assignment group when the condition fulfills on RITM ie. service offering is xyz and location is abc, then it should update.

For example, there is one catalog item that is being raised by GETit and RITM is generated with an assignment group. I want to update that value when the matching conditions are fulfilled.

I tried using assignment rules but again it doesnt work if the field has already a value and in my case assignment group already has a value, we just need to update it.

Can someone please help me here.

• What’s setting the assignment group in the first place already? If it’s a workflow, then change the logic in the workflow to match your criteria, if it’s an assignment rule, then give your new rule a lower order so it takes precedence –  Nick Parsons Commented Jun 12 at 13:16

Know someone who can answer? Share a link to this question via email , Twitter , or Facebook .

Your answer.

Reminder: Answers generated by artificial intelligence tools are not allowed on Stack Overflow. Learn more

Sign up or log in

Post as a guest.

Required, but never shown

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy .

Browse other questions tagged servicenow or ask your own question .

• The Overflow Blog
• Where does Postgres fit in a world of GenAI and vector databases?
• Mobile Observability: monitoring performance through cracked screens, old...
• Featured on Meta
• Announcing a change to the data-dump process
• Bringing clarity to status tag usage on meta sites
• What does a new user need in a homepage experience on Stack Overflow?
• Staging Ground Reviewer Motivation
• Feedback requested: How do you use tag hover descriptions for curating and do...

Hot Network Questions

• Is this screw inside a 2-prong receptacle a possible ground?
• Memory-optimizing arduino code to be able to print all files from SD card
• AM-GM inequality (but equality cannot be attained)
• I would like to add 9 months onto a field table that is a date and have it populate with forecast date 9 months later
• What's the translation of a refeed in French?
• How is message waiting conveyed to home POTS phone
• Whence “uniform distribution”?
• What is this device in my ceiling making out of battery chirps?
• I overstayed 90 days in Switzerland. I have EU residency and never got any stamps in passport. Can I exit/enter at airport without trouble?
• What is the difference between a "Complaint for Civil Protection Order" and a "Motion for Civil Protection Order"?
• Which hash algorithms support binary input of arbitrary bit length?
• Is there a phrase for someone who's really bad at cooking?
• How much easier/harder would it be to colonize space if humans found a method of giving ourselves bodies that could survive in almost anything?
• How do eradicated diseases make a comeback?
• Is 3 Ohm resistance value of a PCB fuse reasonable?
• How can I automatically save my renders with incremental filenames in Blender?
• Displaying a text in the center of the page
• Has the US said why electing judges is bad in Mexico but good in the US?
• How to remove obligation to run as administrator in Windows?
• Who was the "Dutch author", "Bumstone Bumstone"?
• Stuck on Sokoban
• A short story about a boy who was the son of a "normal" woman and a vaguely human denizen of the deep
• Where does the energy in ion propulsion come from?
• Journal keeps messing with my proof

Allow Group Managers to Manage Group Members

I often get the request to set up access for group managers to be able to manage the members of their groups in ServiceNow. This configuration isn’t too difficult to set up but it does involve a few different pieces. It’s also important to consider your group setup in your system before allowing access in this way. If you are bringing in group memberships from a data source like LDAP for example, the last thing you want is to have your managers manually changing those group memberships within ServiceNow. The configuration shown below could be easily customized to allow access only to non-LDAP groups if you needed to do both however.

That should do it! You may also want to create a ‘Groups’ module that is available for the role that your group managers have. This will allow your group managers easy access to the groups in the system (and with a filter access to the groups that they manage).

Mark Stanger

Date Posted:

August 9, 2010

Share This:

32 Comments

I tried to add this functionality to our instance, but I’m seeing a syntax error when I add the scripts to the ACL and the Edit condition.

Problem at line 5 character 1: Expected an assignment or function call and instead saw an expression.

That’s a syntax checker issue. The record should still save though. You should also be able to get it to work (without the syntax error) by removing the last line of the script. I’ve modified the scripts above to reflect this change.

Nice, elegant solution and easy to implement. Thanks for another great tip, Mark!

Thanks for using it! It’s a lot more fun when I know that people have found a use for a solution. :)

I’ve tried to implement this in the demo site but it’s not working. Has there been any updates since Dec 2010 to make this work?

This works fine for me when I set it up on demo. Make sure you edit the existing write, delete, and create ACLs for the ‘sys_user_grmember’ table. If you follow the instructions it should work just fine.

This was awesome and works great, thanks!

I also stole this and modified it so that group members can modify information in their own group; however, I would like to restrict their access to being able to modify just two custom fields without having to create an ACL for each field. Any suggestions?

var answer = true; //Restrict access by default if(gs.hasRole(‘user_admin’) || (gs.getUser().isMemberOf(current.assignment_group))){ answer = false; //Allow access if user has ‘user_admin’ role or is a member of the current group }

You’ll probably need at least 3 total ACLs then. You’ll need one ‘sys_user_group.*’ field level ACL that locks down write permissions to the entire record – probably to everybody but admins or something. Then you could use a script like you’ve got above in a couple of field level ACLs for just those fields that you want to open up.

Finally figured out what I was doing wrong, incase someone else wants to do this. Mark is correct about needing an ACL to give write only permission by default to admin, and an ACL for each field that needs write access, or just one .* ACL if you want group members to be able to write to all fields in the group. My problem was with the script in my previous post. The correct script is as follows:

var answer = false; //Restrict access by default if(gs.getUser().isMemberOf(sys_user_group.name)){ answer = true; //Allow access if user has ‘admin’ role or is a member of the current group }

Thanks so much for these instructions – this is working great for us!. I have just 1 question in regards to your very last statement about creating a ‘Groups’ module to make it easy for managers to get to their groups. You recommend making that module available to whatever roles our managers have. In our case, managers do not have a special role…they share a role with all other IT users (similar to the itil role). Is there a way to hide/display this module in the application navigator based on whether or not they are a group manager….basically, using the same script as we’re using in the ACL’s?

var answer = false; //Restrict access by default if(gs.hasRole(‘user_admin’) || current.group.manager == gs.getUserID()){ answer = true; //Allow access if user has ‘user_admin’ role or is group manager }

thanks, Kari

Good question, and I’m glad you’re liking the solution. Unfortunately, modules can only be restricted by role. You’ll need to give your managers a separate role in order to show the module to them, but not to regular users.

Would it not be possible to restrict access to the modules through the use of a query rule, much the same was as it can be used to restrict access to applications via query. I have this running on some of our customer instances, but havent tested it on the actual modules.

Thanks Shaun

You’re correct that it’s technically possible, but the problem is that none of the structure is there to restrict access on a per-module basis based on anything but a role. The before query business rule restricts access to modules, but it doesn’t have anything to say which module to restrict access to. If you did use a before query business rule you would need to build out some additional fields, or add a bunch of clunky conditions to check the titles of the modules you wanted to restrict in a certain way. If users already have one role, then it’s usually much easier to just grant them one additional role and be done with it.

Hi Mark, I have tested this on demo.But,the user having no user_admin role can’t see the groups.So,will u please help me to sort out this issue.

Thanks Anoop

The article assumes that the managers have the ‘itil’ role. I’ve just tested this out on demo22 with ‘ITIL User’ and it works correctly. You can review the setup in that instance to get a working config.

Is there a way to modify the code, so that it looks if you are the manager of the group or a member of the group?

Sure. Take a look at the ‘isMemberOf’ method here… https://servicenowguru.com/scripting/user-object-cheat-sheet/

The general syntax in an ACL would probably be something like this…

I tried using this in my ACL script, but it is returning FALSE always even though user belongs to the group. I am trying to impersonate the user and I see this value always returning FALSE.

Thank you so much! Now our managers can modify their own group memberships!

We’ve noticed in our instance, that while users are able to add users, when they attempt to remove and save the action. Nothing changes….is that a bug?

Probably just a mis-configuration. If you can’t remove the users from the group it probably means that your delete ACL on the ‘sys_user_grmember’ table isn’t allowing access.

Mark is right – I had to add that into my ACL because I was having the same issue. Works like a charm and adding in a “My Groups” module with a filter for only stuff of which that person’s the manager is going to be so helpful!

Thanks for a beautiful solution. I tried this and created 3 ACL create, write and delete. As you suggested the script for write and delete is the same. I am trying to make the users of the groups to be able to add/delete members.

When I do edit, I am able to add but when trying to remove from the slushbucket, nothing is happening.

Can you suggest why?

Thank you. The only thing I can think of is that you’ve got some other Delete ACL on the ‘sys_user_grmember’ table that is preventing the delete. You can debug ACLs to help identify which one might be causing the problem.

I am noticing that the manager can add and remove groups from any user form. Is there a simple way to restrict using the New and Edit buttons on the related Groups tab on the User form?

I asked before taking the time to look into it. I personalized the list control on the User record for related Groups and added the role user_admin to both New roles and Edit roles. That appears to do what I want. Otherwise the manager (and presumable other itil users) could do strange things like create a new group (with all empty fields) and associate it to the user. Or even worse, they could add and remove the user to and from any other group.

Thanks for this excellent solution. Now I won’t have to be the full-time Assignment Group editor.

Thank you Shawn,

I have discovered the same. Horrible when roles are assigned to groups :-).

Could you please write on this wich version it applies to, I think it works a bit different on Eureka.

Thanks, Annette

Should work on any ServiceNow version without issue.

On the Omit Edit Condition, in Fuji release, I had to create a function around this process otherwise it was I was unable to save the form. Unfortunately, it’s still showing the edit button on every group.

function checkgroupmgr(){ var answer = true; if(gs.hasRole(‘user_admin’) || parent.manager == gs.getUserID()){ answer = false; } return answer; }

checkgroupmgr();

suggestions?

Thanks, — Adam

I’m not sure why it’s not working in your instance but I’ve never seen an issue with this and I’ve got it running in our Crossfuze production instance successfully right now. No function required and the script exactly as shown.

Comments are closed.

• Using Import Sets for REST Integration in ServiceNow August 26th, 2024

Achim says:

Jacob Kimball says:

• Announcements
• Architecture
• Business rules
• Client scripts
• Content management
• Email Notifications
• General knowledge
• Generative AI
• Graphical workflow
• Integration
• Knowledge Management
• Miscellaneous
• Performance
• Relationships
• Script includes
• Service Portal
• Single Sign-on
• System Definition
• Web Services

Related Posts

Easily Move Customer Updates Between Update Sets

Condition Builder Attributes That Pack a Punch

Demystifying Cryptography in ServiceNow: A Comprehensive Guide to Secure Data Transmission

Fresh content direct to your inbox.

Just add your email and hit subscribe to stay informed.

Since 2009, ServiceNow Guru has been THE go-to source of ServiceNow technical content and knowledge for all ServiceNow professionals.

• Using Import Sets for REST Integration in ServiceNow
• Customize the Virtual Agent Chat Button in Service Portal
• Leveraging Joins in GlideRecord Queries

© Copyright 2009 – 2024 | All Rights Reserved

Get the Reddit app

Subreddit for ServiceNow users, admins, devs, platform owners, CTOs and everything in between.

Approval Groups vs Assignment Groups

Best Practice help required here.

We have a number of tech assignment groups. Within those groups is a subset of people that can approve changes and requests.

Firstly, does anyone else have this? I'm a process owner/designer and our ServiceNow developer is saying this is a stupid way of doing things.

Secondly, does anyone have an idea of how to do this so that we can't assign incidents to the Approval group and assign Approvals to the Incident/Problem groups?

By continuing, you agree to our User Agreement and acknowledge that you understand the Privacy Policy .

Enter the 6-digit code from your authenticator app

You’ve set up two-factor authentication for this account.

Enter a 6-digit backup code

Create your username and password.

Reddit is anonymous, so your username is what you’ll go by here. Choose wisely—because once you get a name, you can’t change it.

Reset your password

Enter your email address or username and we’ll send you a link to reset your password

Check your inbox

An email with a link to reset your password was sent to the email address associated with your account

Choose a Reddit account to continue

Learning ServiceNow by Tim Woodruff

Get full access to Learning ServiceNow and 60K+ other titles, with a free 10-day trial of O'Reilly.

There are also live events, courses curated by job role, and more.

Assigned to and Assignment group

The Assigned to [assigned_to] field is a reference  field type that points to the Users [sys_user] table. This field is generally used to designate a user to work on, or be responsible for the task. By default, this field has a reference qualifier (role=itil) set on its dictionary record that prevents any non-itil user from being assigned to a task. You can override this reference qualifier on tables that extend task though, as the Project Task and Service Order tables do, if you have the relevant plugins installed.

The Assignment group [assignment_group] field serves pretty much the same purpose. The reason for having both, is that a workflow might automatically assign a certain type of task ticket to a group, ...

Get Learning ServiceNow now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Don’t leave empty-handed

Get Mark Richards’s Software Architecture Patterns ebook to better understand how to design components—and how they should interact.

It’s yours, free.

Check it out now on O’Reilly

Dive in for free with a 10-day trial of the O’Reilly learning platform—then explore all the other resources our members count on to build skills and solve problems every day.

Your browser or one of your plugins is not allowing JavaScript to be run. This is a bummer since the ServiceNow Developers Site is dynamic and depends on JavaScript to function. If you want to visit this site, please disable the plugin, activate this site for JavaScript or use another browser.