- Stack Overflow for Teams Where developers & technologists share private knowledge with coworkers
- Advertising & Talent Reach devs & technologists worldwide about your product, service or employer brand
- OverflowAI GenAI features for Teams
- OverflowAPI Train & fine-tune LLMs
- Labs The future of collective knowledge sharing
- About the company Visit the blog
Collectives™ on Stack Overflow
Find centralized, trusted content and collaborate around the technologies you use most.
Q&A for work
Connect and share knowledge within a single location that is structured and easy to search.
Get early access and see previews of new features.
Populate Assignment group based on service offering and location in servicenow
I want to update the assignment group to a particular assignment group when the condition fulfills on RITM ie. service offering is xyz and location is abc, then it should update.
For example, there is one catalog item that is being raised by GETit and RITM is generated with an assignment group. I want to update that value when the matching conditions are fulfilled.
I tried using assignment rules but again it doesnt work if the field has already a value and in my case assignment group already has a value, we just need to update it.
Can someone please help me here.
- What’s setting the assignment group in the first place already? If it’s a workflow, then change the logic in the workflow to match your criteria, if it’s an assignment rule, then give your new rule a lower order so it takes precedence – Nick Parsons Commented Jun 12 at 13:16
Know someone who can answer? Share a link to this question via email , Twitter , or Facebook .
Your answer.
Reminder: Answers generated by artificial intelligence tools are not allowed on Stack Overflow. Learn more
Sign up or log in
Post as a guest.
Required, but never shown
By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy .
Browse other questions tagged servicenow or ask your own question .
- The Overflow Blog
- Where does Postgres fit in a world of GenAI and vector databases?
- Mobile Observability: monitoring performance through cracked screens, old...
- Featured on Meta
- Announcing a change to the data-dump process
- Bringing clarity to status tag usage on meta sites
- What does a new user need in a homepage experience on Stack Overflow?
- Staging Ground Reviewer Motivation
- Feedback requested: How do you use tag hover descriptions for curating and do...
Hot Network Questions
- Is this screw inside a 2-prong receptacle a possible ground?
- Memory-optimizing arduino code to be able to print all files from SD card
- AM-GM inequality (but equality cannot be attained)
- I would like to add 9 months onto a field table that is a date and have it populate with forecast date 9 months later
- What's the translation of a refeed in French?
- How is message waiting conveyed to home POTS phone
- Whence “uniform distribution”?
- What is this device in my ceiling making out of battery chirps?
- I overstayed 90 days in Switzerland. I have EU residency and never got any stamps in passport. Can I exit/enter at airport without trouble?
- What is the difference between a "Complaint for Civil Protection Order" and a "Motion for Civil Protection Order"?
- Which hash algorithms support binary input of arbitrary bit length?
- Is there a phrase for someone who's really bad at cooking?
- How much easier/harder would it be to colonize space if humans found a method of giving ourselves bodies that could survive in almost anything?
- How do eradicated diseases make a comeback?
- Is 3 Ohm resistance value of a PCB fuse reasonable?
- How can I automatically save my renders with incremental filenames in Blender?
- Displaying a text in the center of the page
- Has the US said why electing judges is bad in Mexico but good in the US?
- How to remove obligation to run as administrator in Windows?
- Who was the "Dutch author", "Bumstone Bumstone"?
- Stuck on Sokoban
- A short story about a boy who was the son of a "normal" woman and a vaguely human denizen of the deep
- Where does the energy in ion propulsion come from?
- Journal keeps messing with my proof
Allow Group Managers to Manage Group Members
I often get the request to set up access for group managers to be able to manage the members of their groups in ServiceNow. This configuration isn’t too difficult to set up but it does involve a few different pieces. It’s also important to consider your group setup in your system before allowing access in this way. If you are bringing in group memberships from a data source like LDAP for example, the last thing you want is to have your managers manually changing those group memberships within ServiceNow. The configuration shown below could be easily customized to allow access only to non-LDAP groups if you needed to do both however.
That should do it! You may also want to create a ‘Groups’ module that is available for the role that your group managers have. This will allow your group managers easy access to the groups in the system (and with a filter access to the groups that they manage).
Mark Stanger
Date Posted:
August 9, 2010
Share This:
32 Comments
I tried to add this functionality to our instance, but I’m seeing a syntax error when I add the scripts to the ACL and the Edit condition.
Problem at line 5 character 1: Expected an assignment or function call and instead saw an expression.
That’s a syntax checker issue. The record should still save though. You should also be able to get it to work (without the syntax error) by removing the last line of the script. I’ve modified the scripts above to reflect this change.
Nice, elegant solution and easy to implement. Thanks for another great tip, Mark!
Thanks for using it! It’s a lot more fun when I know that people have found a use for a solution. :)
I’ve tried to implement this in the demo site but it’s not working. Has there been any updates since Dec 2010 to make this work?
This works fine for me when I set it up on demo. Make sure you edit the existing write, delete, and create ACLs for the ‘sys_user_grmember’ table. If you follow the instructions it should work just fine.
This was awesome and works great, thanks!
I also stole this and modified it so that group members can modify information in their own group; however, I would like to restrict their access to being able to modify just two custom fields without having to create an ACL for each field. Any suggestions?
var answer = true; //Restrict access by default if(gs.hasRole(‘user_admin’) || (gs.getUser().isMemberOf(current.assignment_group))){ answer = false; //Allow access if user has ‘user_admin’ role or is a member of the current group }
You’ll probably need at least 3 total ACLs then. You’ll need one ‘sys_user_group.*’ field level ACL that locks down write permissions to the entire record – probably to everybody but admins or something. Then you could use a script like you’ve got above in a couple of field level ACLs for just those fields that you want to open up.
Finally figured out what I was doing wrong, incase someone else wants to do this. Mark is correct about needing an ACL to give write only permission by default to admin, and an ACL for each field that needs write access, or just one .* ACL if you want group members to be able to write to all fields in the group. My problem was with the script in my previous post. The correct script is as follows:
var answer = false; //Restrict access by default if(gs.getUser().isMemberOf(sys_user_group.name)){ answer = true; //Allow access if user has ‘admin’ role or is a member of the current group }
Thanks so much for these instructions – this is working great for us!. I have just 1 question in regards to your very last statement about creating a ‘Groups’ module to make it easy for managers to get to their groups. You recommend making that module available to whatever roles our managers have. In our case, managers do not have a special role…they share a role with all other IT users (similar to the itil role). Is there a way to hide/display this module in the application navigator based on whether or not they are a group manager….basically, using the same script as we’re using in the ACL’s?
var answer = false; //Restrict access by default if(gs.hasRole(‘user_admin’) || current.group.manager == gs.getUserID()){ answer = true; //Allow access if user has ‘user_admin’ role or is group manager }
thanks, Kari
Good question, and I’m glad you’re liking the solution. Unfortunately, modules can only be restricted by role. You’ll need to give your managers a separate role in order to show the module to them, but not to regular users.
Would it not be possible to restrict access to the modules through the use of a query rule, much the same was as it can be used to restrict access to applications via query. I have this running on some of our customer instances, but havent tested it on the actual modules.
Thanks Shaun
You’re correct that it’s technically possible, but the problem is that none of the structure is there to restrict access on a per-module basis based on anything but a role. The before query business rule restricts access to modules, but it doesn’t have anything to say which module to restrict access to. If you did use a before query business rule you would need to build out some additional fields, or add a bunch of clunky conditions to check the titles of the modules you wanted to restrict in a certain way. If users already have one role, then it’s usually much easier to just grant them one additional role and be done with it.
Hi Mark, I have tested this on demo.But,the user having no user_admin role can’t see the groups.So,will u please help me to sort out this issue.
Thanks Anoop
The article assumes that the managers have the ‘itil’ role. I’ve just tested this out on demo22 with ‘ITIL User’ and it works correctly. You can review the setup in that instance to get a working config.
Is there a way to modify the code, so that it looks if you are the manager of the group or a member of the group?
Sure. Take a look at the ‘isMemberOf’ method here… https://servicenowguru.com/scripting/user-object-cheat-sheet/
The general syntax in an ACL would probably be something like this…
I tried using this in my ACL script, but it is returning FALSE always even though user belongs to the group. I am trying to impersonate the user and I see this value always returning FALSE.
Thank you so much! Now our managers can modify their own group memberships!
We’ve noticed in our instance, that while users are able to add users, when they attempt to remove and save the action. Nothing changes….is that a bug?
Probably just a mis-configuration. If you can’t remove the users from the group it probably means that your delete ACL on the ‘sys_user_grmember’ table isn’t allowing access.
Mark is right – I had to add that into my ACL because I was having the same issue. Works like a charm and adding in a “My Groups” module with a filter for only stuff of which that person’s the manager is going to be so helpful!
Thanks for a beautiful solution. I tried this and created 3 ACL create, write and delete. As you suggested the script for write and delete is the same. I am trying to make the users of the groups to be able to add/delete members.
When I do edit, I am able to add but when trying to remove from the slushbucket, nothing is happening.
Can you suggest why?
Thank you. The only thing I can think of is that you’ve got some other Delete ACL on the ‘sys_user_grmember’ table that is preventing the delete. You can debug ACLs to help identify which one might be causing the problem.
I am noticing that the manager can add and remove groups from any user form. Is there a simple way to restrict using the New and Edit buttons on the related Groups tab on the User form?
I asked before taking the time to look into it. I personalized the list control on the User record for related Groups and added the role user_admin to both New roles and Edit roles. That appears to do what I want. Otherwise the manager (and presumable other itil users) could do strange things like create a new group (with all empty fields) and associate it to the user. Or even worse, they could add and remove the user to and from any other group.
Thanks for this excellent solution. Now I won’t have to be the full-time Assignment Group editor.
Thank you Shawn,
I have discovered the same. Horrible when roles are assigned to groups :-).
Could you please write on this wich version it applies to, I think it works a bit different on Eureka.
Thanks, Annette
Should work on any ServiceNow version without issue.
On the Omit Edit Condition, in Fuji release, I had to create a function around this process otherwise it was I was unable to save the form. Unfortunately, it’s still showing the edit button on every group.
function checkgroupmgr(){ var answer = true; if(gs.hasRole(‘user_admin’) || parent.manager == gs.getUserID()){ answer = false; } return answer; }
checkgroupmgr();
suggestions?
Thanks, — Adam
I’m not sure why it’s not working in your instance but I’ve never seen an issue with this and I’ve got it running in our Crossfuze production instance successfully right now. No function required and the script exactly as shown.
Comments are closed.
- Using Import Sets for REST Integration in ServiceNow August 26th, 2024
Achim says:
Jacob Kimball says:
- Announcements
- Architecture
- Business rules
- Client scripts
- Content management
- Email Notifications
- General knowledge
- Generative AI
- Graphical workflow
- Integration
- Knowledge Management
- Miscellaneous
- Performance
- Relationships
- Script includes
- Service Portal
- Single Sign-on
- System Definition
- Web Services
Related Posts
Easily Move Customer Updates Between Update Sets
Condition Builder Attributes That Pack a Punch
Demystifying Cryptography in ServiceNow: A Comprehensive Guide to Secure Data Transmission
Fresh content direct to your inbox.
Just add your email and hit subscribe to stay informed.
Since 2009, ServiceNow Guru has been THE go-to source of ServiceNow technical content and knowledge for all ServiceNow professionals.
- Using Import Sets for REST Integration in ServiceNow
- Customize the Virtual Agent Chat Button in Service Portal
- Leveraging Joins in GlideRecord Queries
© Copyright 2009 – 2024 | All Rights Reserved
Get the Reddit app
Subreddit for ServiceNow users, admins, devs, platform owners, CTOs and everything in between.
Approval Groups vs Assignment Groups
Best Practice help required here.
We have a number of tech assignment groups. Within those groups is a subset of people that can approve changes and requests.
Firstly, does anyone else have this? I'm a process owner/designer and our ServiceNow developer is saying this is a stupid way of doing things.
Secondly, does anyone have an idea of how to do this so that we can't assign incidents to the Approval group and assign Approvals to the Incident/Problem groups?
By continuing, you agree to our User Agreement and acknowledge that you understand the Privacy Policy .
Enter the 6-digit code from your authenticator app
You’ve set up two-factor authentication for this account.
Enter a 6-digit backup code
Create your username and password.
Reddit is anonymous, so your username is what you’ll go by here. Choose wisely—because once you get a name, you can’t change it.
Reset your password
Enter your email address or username and we’ll send you a link to reset your password
Check your inbox
An email with a link to reset your password was sent to the email address associated with your account
Choose a Reddit account to continue
Learning ServiceNow by Tim Woodruff
Get full access to Learning ServiceNow and 60K+ other titles, with a free 10-day trial of O'Reilly.
There are also live events, courses curated by job role, and more.
Assigned to and Assignment group
The Assigned to [assigned_to] field is a reference field type that points to the Users [sys_user] table. This field is generally used to designate a user to work on, or be responsible for the task. By default, this field has a reference qualifier (role=itil) set on its dictionary record that prevents any non-itil user from being assigned to a task. You can override this reference qualifier on tables that extend task though, as the Project Task and Service Order tables do, if you have the relevant plugins installed.
The Assignment group [assignment_group] field serves pretty much the same purpose. The reason for having both, is that a workflow might automatically assign a certain type of task ticket to a group, ...
Get Learning ServiceNow now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
Don’t leave empty-handed
Get Mark Richards’s Software Architecture Patterns ebook to better understand how to design components—and how they should interact.
It’s yours, free.
Check it out now on O’Reilly
Dive in for free with a 10-day trial of the O’Reilly learning platform—then explore all the other resources our members count on to build skills and solve problems every day.
Your browser or one of your plugins is not allowing JavaScript to be run. This is a bummer since the ServiceNow Developers Site is dynamic and depends on JavaScript to function. If you want to visit this site, please disable the plugin, activate this site for JavaScript or use another browser.
IMAGES
VIDEO
COMMENTS
Loading... Loading...
When using the [is (dynamic)] [One of My Groups] filter on a glide list referencing sys_user_group, the condition evaluates to false if the list field has more than one value.
Loading... Loading...
In the case of the 'My Groups Work' module under the 'Service Desk' application there is a function called 'getMyGroups' that is used to identify task records where the assignment group value is one of the groups for which the current user is a member. The 'getMyGroups' function simply returns an array of group sys_id values for ...
*Disclaimer: We are reviewing video content for Accessibility standards*How to determine your own, or a colleague's, assignment group.
Probably one of the easiest traps people fall under is thinking that groups somehow align to departments. Work doesn't happen in silos, work is collaborative - therefore groups should be collaborative and cross functional. ServiceNow already has a department table structure for that purpose. 5) Don't Hardcode groups.
This ServiceNow tutorial will demonstrate how to add users to an assignment group in ServiceNow. Specifically, it will demonstrate how to add user to Service...
As you can see in your image the information for the groups is stored in table sys_user_group. The information which users are assigned to which group is stored in table sys_user_grmember. So the REST query could be a GET to this URL:
I want to update the assignment group to a particular assignment group when the condition fulfills on RITM ie. service offering is xyz and location is abc, then it should update. For example, there is one catalog item that is being raised by GETit and RITM is generated with an assignment group. I want to update that value when the matching ...
Groups are a shortcut way of assigning roles to users. Rather than adding a role individually to each user, assign a role to a group. Group members have all of the roles assigned to a group. Creating Groups. To create groups, use the All menu in the main ServiceNow browser window (not Studio) to open User Administration > Groups.
Loading... Loading...
answer = true; //Allow access if user has 'user_admin' role or is group manager. } Create ACL ('sys_user_grmember') The create ACL works a little bit differently because we don't have access to 'current.group.manager' before the record is created. Because of this, you need to open up create permissions to the role that your group ...
E.g an approval group would have the type of "approval" and the resolver groups can have a type of "resolver". This then distinguishes them. Then in your "assignment_group" column on your table you can set a reference qualifier to ONLY filter down on the type of "resolver". This then prevents stuff being assigned to an approval ...
ServiceNow groups are created, and individual users are added or removed in Grouper. After a member / user is added to Grouper, ServiceNow updates the assignment group membership within an hour. Removing members from Grouper usually takes up to 72 hours before they are removed from ServiceNow.
Assigned to and Assignment group. The Assigned to [assigned_to] field is a reference field type that points to the Users [sys_user] table. This field is generally used to designate a user to work on, or be responsible for the task. By default, this field has a reference qualifier (role=itil) set on its dictionary record that prevents any non-itil user from being assigned to a task.
Loading... Loading...
In the Application Explorer, open Navigation > Application Menus > NeedIt. Examine the Roles field. Make a note of the role name. Close the Application Menu tab. Examine the role (s) for the NeedIt modules. In the Application Explorer, open Navigation > Modules > All. In the Visibility section, examine the Roles field.
NOTE: You can learn more about lists, forms, and navigation in ServiceNow in the ServiceNow Basics learning module.. Groups. System Administrators can add roles to user records. If a role is applied to a small number of users, adding the role to User records is easily done. If a role needs to be applied to thousands of User records, it can be challenging to complete the process manually.
Ticket Handling - Assignment group managers also ensure that tickets are handled correctly and in a timely manner. Tools for Assignment Group Managers. Use the My Managed Groups filter to view all the groups that you manage. See this list of Tips for Managing your ServiceNow Queue.
The assignment group change on the change of the group membership of the user assigned to the record.
A group is a set of users who share a common purpose. Groups may perform tasks such as approving change requests, resolving incidents, receiving email notifications, or performing work order tasks. Any business rules, assignment rules, system roles, or attributes that refer to the group apply to all group members automatically.
Please take note of the following points while integrating ServiceNow and IG for fulfillment: 1) Please modify the default Request Form in ServiceNow to have the Assignment Group visible. By default, it is not visible. The assignment will be showed if export the form to csv for pdf. ServiceNow admin will know how to accomplish this.
In the All menu, type User Admin. Open the User Administration > Groups module. Open the Service Desk Group record. In the Groups list header, make sure the Name column is selected in the Search field. Type the text *Service in the Search field. Click the Service Desk group record to open it for editing. Add the user role to the Service Desk group.
The requirement is to auto-populate the "Assignment Group" field present on the 'sc_req_item" table