Example script: default before-query business rule

You can use a query business rule that executes before a database query is made.

You can use a query business rule that executes before a database query is made to prevent users from accessing certain records. Consider the following example from a default business rule that limits access to incident records.
  • Name: incident query
  • Table: Incident
  • When: before, query
  • Script:
if(!gs.hasRole("itil") && gs.isInteractive()) { 
  var u = gs.getUserID(); 
  var qc = current.addQuery("caller_id",u).addOrCondition("opened_by",u).addOrCondition("watch_list","CONTAINS",u);
  gs.print("query restricted to user: " + u); }
This example prevents users from accessing incident records unless they have the itil role are listed in the Caller or Opened by field. So, for example, when self-service users open a list of incidents, they can only see the incidents they submitted.
Note: You can also use access controls to restrict the records that users can see.