Getint: Where every ticket finds it's place.
Support portalCase studiesSchedule a demo
  • Welcome to the Getint Documentation Hub
  • Getting started with Getint
    • About Getint / Concepts
      • How Getint works (how it syncs the data)
      • Onboarding
      • What is a Connection?
      • What Are Runs
      • One-directional / Bi-directional integration
      • Migration vs Integration
      • How Integrations Are Executed By Getint
    • Starting the Free Trial and Accessing the Getint App
      • Selecting the Correct app per license
      • How do I extend the trial of getint.io?
      • Jira Access and User Management
    • Deployment options
      • Getint for Jira Data Center / Jira Server
        • Getint Jira Server / Jira Data Center App (native)
        • Getint for Jira Data Center / Jira Server - Architecture
      • Getint for Jira Cloud
      • Getint On-Premise
        • Architecture
        • Installation
          • How to Install Getint On-Premise in Windows Server
          • On-Premise/Standalone Guide
        • Updating On-Premise
        • Cluster High Availability
    • Prepare for the integration
      • Understanding the difference between platforms you integrate
      • One-to-One, One-to-Many, and Many-to-Many integration
      • Simplifying Workflow Sync with Getint: Jira
    • Connectors
      • Jira
      • Asana
      • Azure DevOps
      • Freshdesk
      • GitLab
      • HubSpot
      • Monday.com
      • Notion
      • Salesforce
      • ServiceNow
      • Zendesk
  • Guides
    • Quickstart
      • Integration
      • Connection
    • Integration Guides
      • How to Map Fields
      • How to create a custom field in all supported software
      • Git Repository integration
        • Git Connector - Azure DevOps
        • Git Connector - GitHub
        • Git Connector - GitLab
      • Azure DevOps Asana integration
      • Jira Airtable integration
      • Jira Asana integration
        • Jira - Asana: Subtasks synchronization
      • Jira Azure DevOps integration
        • How to Setup a Connection with Azure DevOps On-Premise
        • Jira - Azure DevOps: Epics and Subtasks Synchronization
        • Syncing Dependencies between Jira and Azure DevOps using Getint
      • Jira ClickUp integration
      • Jira Freshdesk integration
      • Jira Freshservice integration
      • Jira GitHub integration
      • Jira GitLab integration
        • Attachments Sync in GitLab Integration
      • Jira HubSpot integration
      • Jira Jira integration
        • Jira Jira licensing
        • Time Tracking in Getint – One-Way Synchronization
      • Jira Monday.com integration
        • Synchronizing Attachments in a Monday.com Integration
        • How to Insert Monday.com Items into Specific Groups Using Getint
      • Jira Notion integration
      • Jira Salesforce integration
        • Salesforce OAuth Authentication
      • Jira ServiceNow integration
        • Creating a ServiceNow User for Getint Integration
        • ServiceNow OAuth authentication
        • Creating a Custom Field in ServiceNow
        • How to Restrict "Incident" Data to Specific 3rd Party Companies
        • How to Restrict Access to Specific Tables for Integration
        • REST API requests list
      • Jira Trello integration
      • Jira Wrike integration
      • Jira Zendesk integration
        • How to Manually Provide Zendesk Organization ID and Name
    • Migration Guides
      • Migrating Data with Getint
      • Migration support, and onboarding
      • Jira to Jira migration
      • Asana to Jira migration
      • Azure DevOps to Jira migration
      • GitLab to Jira migration
      • Jira to Monday.com Migration
      • Jira Zendesk migration
  • Using Getint
    • Core Features of Getint
    • Workflows
      • Type Mapping
      • Integrations List
      • Configuring Your Data Sync: Bidirectional and Unidirectional Options
      • Syncing Attachments
      • Hierarchy
      • Assignees (users) mapping
      • Mapping Labels
      • Filtering Items for Integration in Getint
        • Troubleshooting Sync Issues: Unmet Filter Conditions
        • How to Filter Comments
        • Filtering by Assignment Group and Status
      • Shared Mappings in Getint – Centralized Mapping for Efficient Integrations
      • How to Use JQL Filters for Jira Integrations
      • Integration status
      • Storing counterpart link in the task comment
      • Storing Reference IDs/URLs Across Integrations
    • Connections
      • Troubleshooting Getint Integration Connectivity Issues
      • Permissions Issue: Status Code 500
      • Editing Connections for Existing Integrations
      • Changing the URL or Transitioning Between Instances
      • Debugging Connections in Getint: How to Troubleshoot and Resolve Issues
    • Quick Build
    • Reporting
    • Notifications
    • Request type issue on Jira Service Management how to select and work with it
    • Integrating one project with many: Streamlining synchronization across multiple projects.
      • One to Many Project - El Ride Use Case
    • Transition Fields
    • Resync and Hard Resync
    • Synchronizing Existing Items on Both Sides
    • Handling Syncs for Deleted Items
    • Advanced Scripting
    • Platform Release History
      • Getint Version 1.82
      • Getint Version 1.81
      • Getint Version 1.80
      • Getint Version 1.79
      • Getint Version 1.78
      • Getint Version 1.77
      • Getint Version 1.76
      • Getint Version 1.75
      • Getint Version 1.74
      • Getint Version 1.73
      • Getint Version 1.72
      • Getint Version 1.71
      • Getint Version 1.70
      • Getint Version 1.69
      • Getint Version 1.68
      • Getint Version 1.67
      • Getint Version 1.66
      • Getint Version 1.65
      • Getint Version 1.64
    • Settings
      • Data Storage
      • Sharing Access Permission
      • How to Override Getint Behavior Using Custom Properties
  • Support, legal & others
    • FAQ
      • Technical FAQ
      • Security FAQ
    • Troubleshooting Guide for Getint Users
      • Resolving Error 500 in Jira ServiceNow Integration
      • Locating Your Instance ID for Support
      • Connection Error: Certification Path Failed/PKIX Path Building Failed
      • Error: Field '<field-name>' cannot be set. It is not on the appropriate screen, or unknown
      • Connection timed out error
      • Troubleshooting: Integration Task Retrieval Error
      • Upgrade to newest version from version lower than 1.52
      • Debug Requests Feature
      • Troubleshooting: Resolving Hanging Integration Runs in Getint
      • Troubleshooting License Issues in Getint
    • Security and compliance
    • Support / SLA
    • Privacy & Security
      • Data Residency with Getint
    • Procurement & Legal
      • Enhanced Support for Vendor Onboarding and Security Assessments
      • EULA
      • Privacy policy
  • Billing & Services
    • Transparent and User-Friendly Pricing
    • Consulting and Custom Development
    • Understanding Getint Licensing and Pricing
      • How to pay for the apps
      • Migrations
      • Network License
      • Jira-Jira Licensing Model
      • Partners
      • Seamless Transition Offer: Migrate from Competitors to Getint with Exclusive Benefits
  • Use cases
  • Pricing Comparison: Getint vs. Alternatives
  • Battlecards (getint.io vs competitors)
  • Free migration from ConnectAll, Backbone, Exalate, Unito, Workato, TFS4JIRA and other tools
  • Anything missing? Getint is feedback driven
Powered by GitBook
On this page
  • Who is this tutorial for?
  • Use Case
  • How does it work?
  • Summary

Was this helpful?

  1. Guides
  2. Integration Guides
  3. Jira ServiceNow integration

How to Restrict "Incident" Data to Specific 3rd Party Companies

PreviousCreating a Custom Field in ServiceNowNextHow to Restrict Access to Specific Tables for Integration

Last updated 6 months ago

Was this helpful?

Who is this tutorial for?

This tutorial is for users integrating multiple 3rd parties (e.g., multiple companies using Jira) with ServiceNow, and you want to ensure that each company only sees their relevant data.

Use Case

The examples here are based on the Incident type in ServiceNow. However, you can apply the same logic to other types like Change Request, Requested Item, Incident Task, etc.

If your ServiceNow instance is integrated with multiple 3rd party companies using Jira, this setup ensures that each company only sees the data associated with their Assignment Group in the Getint integration.

Important: When creating an Incident in ServiceNow, always specify the Assignment Group field.

How does it work?

  • Incident 1 created in ServiceNow with Assignment Group: company1 will result in Getint creating a Bug in company1's Jira.

  • Incident 2 created in ServiceNow with Assignment Group: company2 will result in Getint creating a Bug in company2's Jira.

  • Incident 3 created in ServiceNow without an Assignment Group will not create any Bug in Jira, even if the integration is enabled.

When a Bug is created in Jira by company1 or company2:

  • Getint automatically creates a corresponding Incident in ServiceNow with the appropriate Assignment Group matching the company (e.g., company1 or company2).

Quick Steps

  • Create an Assignment Group in ServiceNow (e.g., company1).

  • Create a user with the username company1 and assign the roles: getint, sn_incident_read, sn_incident_write.

  • Add Business Rules for incidents (and other relevant types) to restrict access (Insert, Update, Read) based on the Assignment Group and username.

  • Add Business Rules to ensure that each company only uses its own Assignment Group.

Step 1: Create an Assignment Group in ServiceNow

To ensure that each company only has access to its own Incidents and data, first create an Assignment Group in ServiceNow.

  • Go to User Administration > Groups.

  • Create a new Assignment Group.

  • Name the group (e.g., company1).

Step 2: Create a ServiceNow User for Each Company

For tutorial purposes, the Assignment Group name should match the username for the integration user. Of course, it is possible to use any assignment group but, in such case, scripts defined below will have to be adjusted.

  • Go to User Administration > Users and create a new user (e.g., company1).

  • Set the User ID to company1.

  • Set the password for the user.

  • Assign the roles: getint, sn_incident_read, sn_incident_write. If the getint role doesn’t exist, create it as described earlier.

Important note:

Step 3: Add a Business Rule to Restrict Access to Incidents by Assignment Group and Username

You need to create Business Rules to ensure that data visibility is restricted by Assignment Group and username.

Requirements:

  • The Assignment Group (e.g., company1) is created.

  • The user with the matching username (e.g., company1) and with the roles assigned: (getint, sn_incident_read, sn_incident_write

Important: The username and Assignment Group must be identical (case-sensitive).

Steps:

  • Go to Administration > Business Rule.

  • And follow the steps shown in the pictures below:

  • Create a new Business Rule with the following script:

(function executeRule(current, previous) {
    var userName = gs.getUserName();  // Get the current user's username

	// Bypass restriction for admin users
    if (gs.hasRole('admin')) {
        gs.info("Admin user, bypassing group restriction.");
        return; // Allow admins to proceed
    }

    // Handle querying incidents where assignment group matches the username
    if (!current.isNewRecord()) {  // Only add this condition for non-insert actions
        current.addQuery('assignment_group.name', userName);  // Compare assignment group's name with the username
        gs.info("Querying incidents where assignment group matches username: " + userName);
    }

    // Handle inserts - set the assignment group based on the username
    if (current.isNewRecord()) {  // If this is an insert operation
        var userGr = new GlideRecord('sys_user_group');
        userGr.addQuery('name', userName);  // Find the group by username
        userGr.query();
        
        if (userGr.next()) {
            current.assignment_group = userGr.sys_id;  // Set the assignment group to the group found
            gs.info("Set assignment group to: " + userGr.name + " for user: " + userName);
        } else {
            gs.error("No matching assignment group found for username: " + userName);
        }
    }

    // Handle updates - restrict changes if assignment_group doesn't match the username
    if (!current.isNewRecord() && current.assignment_group.changes()) {  // If it's an update and assignment_group has changed
        var newAssignmentGroup = current.assignment_group.getDisplayValue().toLowerCase();
        
        // Check if the new assignment group matches the current user's group
        if (newAssignmentGroup !== userName.toLowerCase()) {
            gs.addErrorMessage("You cannot change the assignment group to one that does not match your username.");
            gs.error("Update blocked: Attempt to change assignment group to: " + newAssignmentGroup + " by user: " + userName);
            current.setAbortAction(true);  // Prevent the update from completing
        }
    }
})(current, previous);

This script ensures that users only see Incidents assigned to their group, and it sets the Assignment Group automatically for new records.

Step 4: (Optional) Add Business Rule to Hide Other Assignment Groups

This step is optional and only serves to hide other Assignment Groups, ensuring that 3rd parties will only see their own Assignment Group (which matches their username) in the integration configuration.

Important: Even if a 3rd party company attempts to use an Assignment Group other than their own, Getint will ignore it and still enforce the use of the username as the Assignment Group.

Purpose:

This Business Rule ensures that each company only sees its own Assignment Group and hides others. This is useful for preventing 3rd parties from seeing Assignment Groups that do not belong to them.

Steps:

  • Go to Administration > Business Rule.

  • Create a new Business Rule following the steps shown in the images below.

  • Set the fields as shown in the image.

  • Script: In the Advanced tab, paste the following script to restrict the visibility of Assignment Groups based on the current user's username:

(function executeRule(current, previous /*null when async*/) {
    // Get the current user's username
    var userName = gs.getUserName();
    // Bypass restriction for admin users
    if (gs.hasRole('admin')) {
        gs.info("Admin user, bypassing group restriction.");
        return; // Allow admins to proceed
    }
    // Get the group name of the current group being queried or interacted with
    var groupName = current.name.getDisplayValue();
    // Log values for debugging (optional)
    gs.info("User: " + userName + " | Group: " + groupName);
	// Restrict the query to return only groups where the group name matches the username
    current.addQuery('name', userName);
})(current, previous);

This rule ensures that only the group matching the username will be visible to each company during the integration process.

Step 5: Add Business Rule to Restrict Access to Comments from Incidents

Steps:

  • Go to Administration > Business Rule.

  • And follow steps shown on the pictures below:

  • Create a new Business Rule with the following script

(function executeRule(current, previous /*null when async*/) {
	var username = gs.getUserName();

    // Filter records where the 'name' field is 'incident'
    current.addQuery('sys_class_name', 'incident'); // Ensure we are working with incidents only

    // Create a new GlideRecord for incidents
    var gr = new GlideRecord('incident');
    gr.addQuery('sys_class_name', 'incident'); // Ensure we are filtering incidents
    gr.query();

    var incidentSysIds = [];
    while (gr.next()) {
        var assignmentGroupId = gr.getValue('assignment_group'); // Get the sys_id of the assignment group
        var groupRecord = new GlideRecord('sys_user_group');
        if (groupRecord.get(assignmentGroupId)) { // Fetch group record
            var groupName = groupRecord.getValue('name'); // Get the group name
            if (groupName === username) {
                incidentSysIds.push(gr.getValue('sys_id')); // Add the incident's sys_id if it matches
            }
        }
    }

    // Now add the query to 'current' to return only the incidents with the collected sys_ids
    if (incidentSysIds.length > 0) {
        current.addQuery('element_id', 'IN', incidentSysIds); // Filter current to only include these sys_ids
    } else {
        current.addQuery('element_id', 'IN', ['-1']); // No matching incidents, return an empty set
    }

})(current, previous);

Step 6: Add Two Business Rules to Restrict Access to Attachments from Incidents

Steps:

  • Go to Administration > Business Rule.

  • And follow steps shown on the pictures below:

In the first step you will restrict access to the sys_attachment table, and in the second step you will restrict access to the sys_attachment_doc table (which holds the data for each attachment).

  • Restrict access to sys_attachment table

  • Create a new Business Rule with the following script

(function executeRule(current, previous /*null when async*/) {
    var username = gs.getUserName();

    // Filter attachments that are linked to incidents
    current.addQuery('table_name', 'incident'); // Filter only attachments related to incidents

    // Create a new GlideRecord to query incidents
    var gr = new GlideRecord('incident');
    gr.addQuery('sys_class_name', 'incident'); // Ensure we are filtering incidents
    gr.query();

    var incidentSysIds = [];
    while (gr.next()) {
        var assignmentGroupId = gr.getValue('assignment_group'); // Get the sys_id of the assignment group
        var groupRecord = new GlideRecord('sys_user_group');
        if (groupRecord.get(assignmentGroupId)) { // Fetch group record
            var groupName = groupRecord.getValue('name'); // Get the group name
            if (groupName === username) { // Compare assignment group with the username
                incidentSysIds.push(gr.getValue('sys_id')); // Add the incident's sys_id if it matches
            }
        }
    }

    // Now add the query to 'current' to return only the attachments linked to the incidents with the matching assignment group
    if (incidentSysIds.length > 0) {
        gs.error("Matching incident sys_ids: " + incidentSysIds.join(", "));
        current.addQuery('table_sys_id', 'IN', incidentSysIds); // Filter current to only include attachments linked to these incidents
    } else {
        gs.error("No matching incidents found for user: " + username);
        current.addQuery('table_sys_id', 'IN', ['-1']); // No matching incidents, return an empty set
    }

})(current, previous);

  • Restrict access to sys_attachment_doc table

Steps:

  • Go to Administration > Business Rule.

  • And follow steps shown on the pictures below:

  • Create a new Business Rule with the following script

(function executeRule(current, previous /*null when async*/) {
    var username = gs.getUserName();

    // Create a new GlideRecord for attachments related to incidents
    var attachmentGR = new GlideRecord('sys_attachment');
    attachmentGR.addQuery('table_name', 'incident'); // Filter for attachments related to incidents
    attachmentGR.query();

    var attachmentSysIds = [];
    while (attachmentGR.next()) {
        var incidentId = attachmentGR.getValue('table_sys_id'); // Get the sys_id of the related incident
        
        // Query the incident to get the assignment group
        var incidentGR = new GlideRecord('incident');
        if (incidentGR.get(incidentId)) {
            var assignmentGroupId = incidentGR.getValue('assignment_group'); // Get assignment group id
            var groupRecord = new GlideRecord('sys_user_group');
            if (groupRecord.get(assignmentGroupId)) { // Fetch group record
                var groupName = groupRecord.getValue('name'); // Get the group name
                if (groupName === username) {
                    attachmentSysIds.push(attachmentGR.getValue('sys_id')); // Add the attachment sys_id if it matches
                }
            }
        }
    }

    // Now add the query to 'current' to return only the documents linked to the attachments with the collected sys_ids
    if (attachmentSysIds.length > 0) {
        gs.error("Matching attachment sys_ids for user: " + username + " - " + attachmentSysIds.join(", "));
        current.addQuery('sys_attachment', 'IN', attachmentSysIds); // Filter current to only include attachment docs linked to these attachments
    } else {
        gs.error("No matching attachments found for user: " + username);
        current.addQuery('sys_attachment', 'IN', ['-1']); // No matching attachments, return an empty set
    }

})(current, previous);

Summary

We have now restricted data access for each company to the Incidents associated with their Assignment Group. You can apply similar logic to other tables, such as Change Request, to restrict full access.

we created the getint_integration user (and it applies for most cases where you have a single ServiceNow and single Jira to integrate), but we need to create another user (for each company) and assign roles: getint, sn_incident_read, sn_incident_write)

If you need any further help or if you are experiencing issues with your integration, feel free to open a support ticket at our

In this tutorial,
Support Portal.
Example integration Incident ↔︎ Bug
Create a new Assignment Group
Create an Assignment Group with name company1
Create new user
User ID is the most important (company1)
After creating a user. Edit the user password.
Generate and then copy the password
Uncheck and click Update.
Assign Roles to the user
Create a new Business Rule
Everything should be set as in the picture above
Go to Advanced tab and paste script shown below.
You can also hide all groups and leave group created specifically for 3rd party (ex. “company1”)
Everything should be set as in the picture above
Go to Advanced tab and paste script shown below
Example for user "allegro." Only one Assignment Group is visible because username is allegro.
Make sure to select sys_journal_field table
Go to Advanced tab and paste script shown below
Make sure to select sys_attachment table
Go to Advanced tab and paste script shown below:
Make sure to select sys_attachment_doc table
Go to Advanced tab and paste script shown below:
Assign getint, sn_incident_read, sn_incident_write. If you don't see role getint then create it as described .
Start your integration journey. Schedule a free consultation with our Getint Integration Expert today!
here
Start your integration journey. Schedule a free consultation with our Getint Integration Expert today!