Tracking Application specific Roles and Permissions

miguelsa
Tera Contributor

‎06-08-2023 04:15 AM

Hello Community,

I have  yet to find any references to this particular requirement, so here goes nothing.

 

We're aiming to track Application specific Roles and Permissions as CIs, so that we can link them to Service Catalogue Requests, Change Management processes and even Provisioning Automation (where possible).

 

Would like to get the Community's feedback and thoughts, just to see if I'm not missing out on some important issue here.

 

Appreciate any comments in advance.

 

Labels:
0 Helpfuls
  • 1,602 Views
5 REPLIES 5

Daniel Borkowi1
Mega Sage

‎06-09-2023 12:11 AM - edited ‎06-09-2023 12:14 AM

Hi @miguelsa, In my opinion it's OKish to follow this approach, but I recommend to use CMDB only for real configuration items and use a custom table for such mappings. You can use Datalookup tables for that, they also not count as custom table (docs). By the way, did you check the table license_role in your instance? Unfortunately not all roles are linked to an application/process, but most relevant roles are.

 

Hope that helps.

 

Greets Daniel

Michael Storgaa
Tera Expert

‎06-12-2023 04:51 AM

We are utilizing App Engine in a high degree, and we are trying to tackle the same issue here. However, we ended up creating custom functionality to help us track the license consumption and use as the foundation for an automated way of getting access to application - or for application owners to manage who has access.

 

But I would really not want to go the CMDB way either.

 

How come you thought of using CMDB for it? Is there a specific reason?

miguelsa
Tera Contributor
In response to Michael Storgaa

‎06-12-2023 07:34 AM

We're considering CMDB as a way to link two distinct requirements.

a) Managing Access Requests via Requests

b) Being able to report on assigned roles across a multitude of departments and applications.

 

We're not going to create nothing complex, just considering creating a specific custom Application Role that can be tied to a Business Application which we can then track in Requests and with a Relationship Table to Users.

But ... still a lot of thought processing going on.

0 Helpfuls

jodgreen
Giga Contributor
In response to miguelsa

‎06-15-2023 01:23 PM

We are actually trying to figure out if one or more ServiceNow modules can help us accomplish similar requirements:

1. Real-time SW License tracking (update license inventory counts based on SW install REQ tickets, track renewal dates, total license counts, etc.) - - looks like SAM might be a good fit for this....?

2. Basic Application Info repository (e.g. name(s) of app IT owner, name(s) of app business owner, who approves access, vendor rep/info, etc......does everyone just use CMDB for the non-technical App data as well?)

3. Link all of the above to our CMDB with HW/network data, etc.

 

Any thoughts....?

0 Helpfuls