GlideUser (g_user) Class: Your Guide to ServiceNow User Data

By /






Unlocking User Personalization: A Deep Dive into the ServiceNow GlideUser (g_user) Class


Unlocking User Personalization: A Deep Dive into the ServiceNow GlideUser (g_user) Class

In the dynamic world of IT Service Management (ITSM) and enterprise platforms, personalization is key. Making your users feel seen, understood, and efficiently guided is paramount to a positive experience. ServiceNow, a leader in this space, provides powerful tools to achieve this, and at the forefront of user-centric development lies the GlideUser (g_user) API. This client-side powerhouse grants developers unparalleled access to information about the currently logged-in user, enabling dynamic and tailored user interfaces and workflows.

Whether you’re aiming to greet a user by name, conditionally display information based on their role, or simply ensure they’re interacting with the system in a way that makes sense for them, the g_user object is your go-to resource. Let’s embark on a comprehensive exploration of this essential API, understanding its capabilities, practical applications, and how to leverage it effectively in your ServiceNow development.

The Core of User Awareness: What is GlideUser (g_user)?

The GlideUser API is a fundamental component of the ServiceNow client-side scripting environment. It’s a global object, meaning you can access it directly from your Client Scripts, UI Policies, and other client-side logic without needing to explicitly instantiate it. Its primary purpose is to provide real-time information about the user who is currently interacting with the ServiceNow instance.

Think of it as the system’s way of saying, “Who is using this right now?” and providing you with the answers to tailor the experience accordingly. The most common use cases revolve around:

  • Personalizing Feedback: Displaying user-specific messages or information.
  • Role-Based Logic: Dynamically showing or hiding elements, enabling or disabling actions, and controlling access based on user roles.

Accessing the g_user Object: Client-Side Only!

It’s crucial to understand that g_user is an exclusive resident of the client-side. This means you’ll find it available in contexts where the browser is processing your script – specifically, in:

  • Client Scripts (e.g., Catalog Client Scripts, Form Client Scripts)
  • UI Policies (acting on client-side)
  • Service Portal widgets (which run on the client)

You will not find g_user available in server-side scripts like Business Rules, Script Includes, or Workflow scripts. For server-side user information, you’d typically use the gs.getUser() API.

The syntax for interacting with the g_user object is straightforward. You append the desired property or method name directly to g_user, separated by a dot:

g_user.

Retrieving User Identity: Essential Properties

The g_user object exposes several key properties that allow you to quickly retrieve fundamental information about the logged-in user. These are invaluable for creating a more welcoming and contextually relevant interface.

First Name, Last Name, and Full Name

Often, you’ll want to address the user by their name. The g_user object provides direct access to their first and last names:

  • g_user.firstName: Returns the user’s first name as configured in their user record.
  • g_user.lastName: Returns the user’s last name as configured in their user record.

While you could manually concatenate these for a full name, the g_user API offers a more convenient method:

  • g_user.getFullName(): This method conveniently returns the user’s full name by concatenating their first and last names. It’s a cleaner and more readable approach than manual concatenation.

Let’s see these in action with a common example using an alert (though in a real application, you’d likely update UI elements):

// Example in a Client Script
    alert("Welcome, " + g_user.getFullName() + "!");
    alert("Your username is: " + g_user.userName);

User ID and User Name

Beyond their display names, users are uniquely identified within ServiceNow by their User ID and User Name. These are also readily available:

  • g_user.userName: This property returns the user’s login name or username. This is often the string they use to log into the system.
  • g_user.userID: This property returns the unique system ID (sys_id) of the user’s record in the sys_user table. Every record in ServiceNow has a 32-character hexadecimal sys_id. This is the system’s internal identifier for the user and is extremely useful for referencing the user record in other operations or for lookups.

Let’s look at a more comprehensive example showcasing these properties:

// Example in a Client Script
    var message = "User Information:\n";
    message += "First Name: " + g_user.firstName + "\n";
    message += "Last Name: " + g_user.lastName + "\n";
    message += "Full Name: " + g_user.getFullName() + "\n";
    message += "Username: " + g_user.userName + "\n";
    message += "User ID (sys_id): " + g_user.userID;

    alert(message);

If the currently logged-in user is “System Administrator”, the alert might display something like:

User Information:
First Name: System
Last Name: Administrator
Full Name: System Administrator
Username: admin
User ID (sys_id): 681ddf21132020004203002104042726
(Note: The actual sys_id will vary)

Real-World Application: Dynamic Greetings

Imagine a custom portal page where you want to greet users and provide them with quick links relevant to their role. You could use g_user.getFullName() to display a personalized greeting:

// In a Service Portal Widget's Client Controller
    function ($scope, $http) {
        /* widget controller */
        $scope.userGreeting = "Hello, " + g_user.getFullName() + "!";

        // You could then display $scope.userGreeting in your HTML template
    }

Mastering Role Checks: The Power of hasRole() and hasRoleExactly()

One of the most powerful applications of the g_user object is its ability to determine if a user possesses specific roles. This is fundamental for implementing role-based access control (RBAC) directly within your client-side scripts, providing a dynamic and secure user experience.

g_user.hasRole(roleName): The Inclusive Check

The hasRole() method checks if the current user has a given role assigned. This method is inclusive in a critical way: it returns true not only if the user has the specified role directly, but also if they have any role that inherits from it, or if they have the highly privileged admin role.

The admin role in ServiceNow is special. Users with the admin role are implicitly granted all other roles. This means if a user is an administrator, g_user.hasRole('any_role_name') will always return true, regardless of whether that specific role is directly assigned to them.

Example: Checking if a user can manage client scripts.

// In a Client Script on a form or list
    if (g_user.hasRole('client_script_admin')) {
        g_user.firstName = "You have administrative privileges for Client Scripts!";
        // You could also reveal a button, enable a field, etc.
    } else {
        g_user.firstName = "You have limited access to Client Scripts.";
        // Hide functionality or display a message
    }

This is useful for granting broad permissions. If you want users who can create and edit client scripts, and also administrators who can do anything, hasRole() is your choice.

g_user.hasRoleExactly(roleName): The Exclusive Check

Sometimes, you need a more precise check. You want to know if the user has *only* the specified role and no other implicit permissions that might grant them access. This is where hasRoleExactly() comes in.

This method returns true *only* if the specified role is directly assigned to the user. It will return false if the user has the admin role but not the specific role, or if the role is inherited.

Example: Verifying a specific, explicit role assignment.

// In a Client Script
    var roleToCheck = 'catalog_admin';

    if (g_user.hasRoleExactly(roleToCheck)) {
        alert("You are explicitly assigned the " + roleToCheck + " role.");
        // Perform actions specific to this exact role
    } else if (g_user.hasRole(roleToCheck)) {
        // This means they might be admin, or have an inherited role, but not exactly catalog_admin
        alert("You have access to catalog administration features, possibly through an administrative role.");
    } else {
        alert("You do not have the " + roleToCheck + " role.");
    }

The distinction between hasRole() and hasRoleExactly() is critical for building robust security and personalized experiences. Choose the method that best reflects the business logic you’re trying to implement.

Real-World Application: Conditional Form Visibility

Consider a form where certain fields should only be visible to users who are explicitly members of the “Incident Management” group, and not just administrators who might happen to have access.

// In an Incident Form Client Script
    function onLoad(current, previous) {
        var incidentManagementRole = 'incident_manager'; // Example role name

        if (g_user.hasRoleExactly(incidentManagementRole)) {
            g_form.setVisible('u_special_incident_field', true); // Show a custom field
            g_form.setMandatory('u_special_incident_field', true);
        } else {
            g_form.setVisible('u_special_incident_field', false);
            g_form.setMandatory('u_special_incident_field', false);
        }
    }

Best Practices and Considerations

While the g_user object is incredibly useful, it’s important to use it wisely to ensure maintainability and security.

Client-Side Validation is Not Security

This is a golden rule in web development, and it’s explicitly stated in the ServiceNow documentation for g_user: “Note that client-side validation in any web application is easily bypassed.”

This means that while you can use g_user to hide buttons, disable fields, or change UI elements based on roles, a determined user could still potentially bypass these client-side checks using browser developer tools or by directly calling server-side APIs. Therefore, any sensitive operations or data validation that requires strict security must be performed on the server-side using Business Rules or Script Includes.

Use g_user for enhancing the user experience and providing conditional visibility, not for enforcing security.

Performance Implications

While the g_user object is generally performant, avoid making excessive or redundant calls to its methods within loops or on every single client-side script execution if not strictly necessary. Each client-side script execution involves a round trip to the server to fetch data, and while g_user data is often cached, overuse can lead to minor delays.

Maintainability and Readability

When checking roles, using the exact role name as a string is clear, but for larger applications, consider using constants or configuration variables for role names to avoid typos and make refactoring easier.

Example:

// In a global Script Include or a constant definition
    var MY_APP_ROLES = {
        CLIENT_SCRIPT_ADMIN: 'client_script_admin',
        CATALOG_ADMIN: 'catalog_admin'
    };

    // In a Client Script
    if (g_user.hasRole(MY_APP_ROLES.CLIENT_SCRIPT_ADMIN)) {
        // ...
    }

Troubleshooting Common Issues

Occasionally, you might run into unexpected behavior when working with g_user. Here are a few common pitfalls and how to address them:

1. `g_user` is undefined

  • Symptom: Your script throws an error like “Uncaught TypeError: Cannot read properties of undefined (reading ‘firstName’)”.
  • Cause: You are trying to access g_user in a server-side script (e.g., Business Rule, Script Include, Workflow script).
  • Solution: Verify that your script is indeed running on the client-side. If you need user information on the server, use gs.getUser().

2. `hasRole()` returns `true` when you expect `false` (or vice-versa)

  • Symptom: A user who you believe shouldn’t have a certain permission can still access it, or a user who should have it cannot.
  • Cause: Misunderstanding the difference between hasRole() and hasRoleExactly(), or issues with role inheritance or the user’s `admin` status.
  • Solution:
    • Double-check the role name you are passing to the method.
    • If you need to know if a user has the role *directly*, use hasRoleExactly().
    • Remember that the admin role grants access to all other roles when using hasRole(). If you need to exclude administrators from specific role checks, you’ll need to add an explicit check for the `admin` role: if (!g_user.hasRole('admin') && g_user.hasRole('your_specific_role')) { ... }
    • Confirm the user’s actual roles in their `sys_user` record to understand their permissions accurately.

3. Incorrect User Information is Displayed

  • Symptom: The greeting or user details displayed are incorrect.
  • Cause: The user’s record in the sys_user table is outdated or contains incorrect information.
  • Solution: Ensure the user’s profile details (first name, last name, username) are correctly populated in their sys_user record. The g_user API simply reflects the data present in that record.

Interview Relevance: Mastering Client-Side User Context

For ServiceNow developers, understanding the g_user object is not just a nice-to-have; it’s a fundamental requirement. Interviewers will often probe your knowledge of client-side scripting and user context.

Key Questions to Prepare For:

  • “Describe how you would personalize a Service Portal page to greet the user by name.” (Tests knowledge of g_user.getFullName())
  • “What’s the difference between g_user.hasRole() and g_user.hasRoleExactly(), and when would you use each?” (Tests understanding of role checking nuances)
  • “Can you explain the security implications of using client-side role checks with g_user?” (Tests understanding of client-side vs. server-side security)
  • “How would you dynamically show/hide a field on a form based on whether the user is a ‘catalog_admin’?” (Tests practical application of hasRoleExactly())
  • “Where can you use the g_user object, and where can’t you?” (Tests awareness of client-side vs. server-side environments)
  • “What does g_user.userID represent?” (Tests knowledge of sys_id)

Being able to articulate the capabilities of g_user, demonstrate its practical use with clear examples, and explain its limitations (especially regarding security) will significantly boost your confidence and performance in technical interviews.

Conclusion

The GlideUser (g_user) API is an indispensable tool in the ServiceNow developer’s arsenal. It empowers us to move beyond static interfaces and create dynamic, personalized, and context-aware experiences for our users. By mastering its properties and methods, particularly for retrieving user details and checking roles, you can significantly enhance the usability and effectiveness of your ServiceNow implementations.

Remember the golden rule: use g_user to delight your users with personalized interactions and conditional UI, but always reinforce critical security and validation logic on the server-side. With this understanding, you’re well-equipped to build more intelligent and user-centric applications within the ServiceNow platform.


Scroll to Top