User and HR Criteria for Service Catalog items - jcmings/sn GitHub Wiki

This post will detail how User Criteria and HR Criteria can be applied to items in the Service Catalog.

User Criteria

To create or modify User Criteria, go to Service Catalog > Catalog Definitions > User Criteria.

If you want to restrict a catalog item to a specific user, group, role, company, location, or department, you'll want to use User Criteria. User Criteria checks the logged-in user's sys_user record for whatever condition you specify on the criteria record. So for example, if you want to only want users in the Sales department to see a specific catalog item, you can do so by creating a User Criteria record with that denoted:

image

By adding this criteria to a catalog item, you'll be preventing users outside that department (e.g. users in the Finance department) from seeing the catalog item.

HR Criteria

Sometimes the fields on a User Criteria record aren't specific enough for your use case. For example, what if you want to only show a catalog item to users with an Employee number that starts with 12? This information is stored on the user's HR Profile. Hypothetically, you could script this into the User Criteria record (which we'll do, but not the way you're thinking), but this can become complex to maintain -- what if we want to expand the criteria to employee numbers that also start with 13? If only there was a simple way to do this without actually having to code...

Enter HR Criteria! To get started with HR Criteria, head on over to HR Administration > HR Criteria. The first thing we'll do is create a new record:

image

And then we'll set up a simple HR Condition from the related list at the bottom of that record.

image

Make sure your User column is set to User. After you create your record, make sure that your HR Condition displays in the related list on your HR Criteria record:

image

Next -- and this is a super important step -- you need to associate the HR Criteria record with a User Criteria record. To do this, click the Create User Criteria related link at the bottom of the HR Criteria record:

image

What this does is create a User Criteria record with a scripted check to your HR Criteria record. It also creates a direct link between the HR Criteria record and the User Criteria record, which will make it easier to troubleshoot in the future. (On the HR Criteria record, you should see a read-only box Related user criteria.) On the User Criteria record that was just created by clicking on that related link, you'll see the Advanced box is checked, and a script is inputted:

image

You can also manually update your User Criteria record with the script if you want. Just input this into the script box:

new sn_hr_core.hr_Criteria().evaluateById("enter_your_HR_criteria_sys_id_here", user_id);

Now, any time you need to expand the definition of your criteria, you can just update HR Conditions (don't forget to update the HR Criteria name and description if you make relevant changes).

Applying the criteria to a catalog item

Available For

Adding the criteria we just created to a catalog item is very simple. Simply navigate to the catalog item, scroll down to the Available For related list, and add in your criteria.

image

Not Available For

You may also notice a Not Available For related list. This functions in the exact opposite manner than the Available For list does; if you specify a criteria in this list, it will prevent users who meet that criteria from seeing that catalog item.

One thing to note is that the Not Available For criteria take priority over the Available For criteria. See an example below, where I've added the same criteria to both lists. (If you're wondering where this screenshot came from, the answer lies just a bit lower in this same post).

image

Testing and troubleshooting

Caching

Unfortunately, user and HR criteria are cached, meaning to effectively test if your criteria is functioning properly, you have to take an extra step. You'll either have to clear your cache, log out and back in, or stop and restart impersonating a user to ensure that the change to your criteria has registered.

User Criteria Diagnostics tool

You can also use the OOTB User Criteria Diagnostics tool (Service Catalog > Catalog Administration > User Criteria Diagnostics) to quickly check if a user is able to access a catalog item. However, the cache problem still applies on this page -- so you may have to log out & back in to ensure that the diagnostics tool is comparing against the most up-to-date criteria record.

To use the tool, simply enter a User and the Catalog item you want to check, and you'll get your answer. This will diagnose access to the Catalog item ("Parking Sticker Request"), Category ("Can We Help You?"), and Catalog ("Service Catalog"):

image

How User Criteria are evaluated

Unless you check the Match all box on the User Criteria record, the system evaluates the conditions as OR conditions. Therefore, if you have both Finance and Sales in the Department field, the check will return true if a user is in either of those departments. If you added an Advanced (scripted) condition that returned true, any checks against Department would be irrelevant.

Finding all catalog items a criteria is applied to

Because Available For and Not Available For are related lists, you can't search on those fields from the list view on the sc_cat_item table. But what you can do is search their own tables:

  • sc_cat_item_user_criteria_mtom (Available For)
  • sc_cat_item_user_criteria_no_mtom (Not Available For)

From these lists, you could group on a catalog item or a condition and see where it exists.