As a ServiceNow Developer there are many situations where you will need to check if a user is a member of a specific group.
You may be given the requirement to restrict read or write access to a field based on a user group, or to validate that the logged in user is a member of a group when a form loads.
You can accomplish these things and more in ServiceNow by using gs.getUser().isMemberOf(). This line of code is an extremely useful tool for a developer to verify group membership quickly and easily.
This article will explain what gs.getUser().isMemberOf() is in ServiceNow and demonstrate how to use it in real world scenarios. Let's get started!
First, we're going go break down gs.getUser().isMemberOf() to better understand how it works.
The first method in this line of code, gs.getUser(), will return a user object for the current logged in user. Since “gs” is the GlideSystem API, the gs.getUser() method is only available server-side, and can therefore be used in any server script including Access Controls, Business Rules, and Script Includes.
It will not be available client-side for use in Client Scripts or UI Policies.
To learn more about the basics of gs.getUser(), check out our complete guide to using gs.getUser().
The second method, isMemberOf(), takes the parameter of a group, and in this case will check if the user who is currently logged in is a member of that group.
The parameter can either be the group name or the groups sys_id.
For example, the below code will find out if the currently logged in user is a member of the 'Hardware' group (by name) and the 'ITSM Developers' group (by sys_id).
The code returns true or false based on if the user is in the group. Developers could then use the output to script some additional actions in the system. In the following example the current user is not in the 'Hardware' group, but is in the 'ITSM Developers' group.
The output would be:
Now, let’s look at some actual use cases for using gs.getUser().isMemberOf().
One common place that gs.getUser().isMemberOf() is used is in Access Control (ACL) scripts.
Developers can script a condition for Access Controls in order to control CRUD operations on a table or field. You could use gs.getUser().isMemberOf() in an ACL script to create a rule which checks the logged in user’s group membership as a condition for the access control.
The following example shows a script on a write ACL for the Channel (contact_type) field on the Incident table. The “if” statement checks if the current user is a member of the Service Desk group.
ACL scripts should return true or false and will only execute if the script evaluates to true. In this case, the script returns true if the logged in user is a member of the Service Desk group, and as a result that user will be able to write to the Channel field.
If the user is not a member of Service Desk, the field will be read only as shown below. Using gs.getUser().isMemberOf() in Access Controls is a great way to restrict table/field operations based on group membership.
As mentioned earlier, gs.getUser().isMemberOf() is part of the server-side API which means it cannot be directly used in client-side scripts.
However, as a workaround, developers can use the method in a server script and pass the value to the client. This is a clever way to be able to check the user’s group membership on a form, which can be useful in Client Scripts and UI Policies.
One way to accomplish this is to utilize gs.getUser().isMemberOf() along with g_scratchpad. Developers can use the g_scratchpad object to pass data from the server to the client.
The below example shows a Display Business Rule script on the Incident table. The rule will execute every time a form loads on the Incident table. In the script we are storing the result of gs.getUser().isMemberOf() in a g_scratchpad variable.
Remember, gs.getUser().isMemberOf() will return either true or false, and that result is what will be captured in the variable. Essentially, every time a record is displayed on the Incident table, this result will be added to the g_scratchpad object.
To access the g_scratchpad object client-side, we will utilize a Client Script.
In our example, we are using an onLoad Client Script on the Incident table. Similar to our first example, the result of gs.getUser().isMemberOf() (via g_scratchpad) can be used as a condition to determine additional actions in the system.
The “If” statement will evaluate to true or false. A use case for this could be if the condition evaluates to true (i.e. if the logged in user is a member of the Service Desk, then make some field visible)
The alert is used to show how the value appears when retrieved on the client. The following alert was triggered when the form loaded for a user who is in the Service Desk group. You can see by the result it alerts (true), that the value is now available to use on the client side. Now you can use it for whatever you may need! A few things might be
Even though gs.getUser().isMemberOf() is not available client-side, developers could use this approach to take advantage of the functionality to check group membership. Alternatively, we could have used GlideAjax and a Script Include to pass the result of gs.getUser().isMemberOf() from the server to the client.
These are just a few scenarios where Developers can utilize gs.getUser().isMemberOf().
You may be wondering how to check group membership for users who are not the logged in user. Luckily, ServiceNow provides a way to do that also.
This can be accomplished by adding the getUserByID() method to the code we’ve been discussing and then adding the user's User ID as the parameter. The getUserByID() method takes a parameter of either the User ID or the sys_id of the user.
The below script shows how to check if any user is a member of any group, regardless of if they are the currently logged in user or not.
The topics and examples discussed in this article may be some of the more common requirements that you see while working in ServiceNow.
Almost every project I've ever been on, I've had at least one story that asks for something to happen based on a users group membership. It's a great tool to have in your arsenal, and you can knock out stories faster than ever if you have a good background of it!
We hope this article has helped you understand how to use gs.getUser().isMemberOf() in ServiceNow so that you are able to utilize it in your own scripts and take advantage of it. Happy coding!