- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-01-2024 10:46 AM - edited 03-01-2024 10:46 AM
I am looking to create a ACL to bypass the following article or existing UI Policys / Access control list to be able to edit the form for alm_consumables_list:
Article:
- For each of these 2x ACL records:
- record/write: alm_asset.
https://<instance>.service-now.com/sys_security_acl.do?sys_id=1d7fd8291b702000aebbfbcd2c0713c1 - record/write: alm_asset.*
https://instance>.service-now.com/sys_security_acl.do?sys_id=4dd436dd3737100044e0bfc8bcbe5db3
- record/write: alm_asset.
Is their a way to edit the form for consumable asset based on a specific role?
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-02-2024 12:29 PM
From the context menu of alm_consumable table, click on Configure>All. Here you can look into everything that is configured for this table. That would help to troubleshoot.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-01-2024 11:20 AM
As per HAM best practices, it is not recommended to modify the consumable record after it is consumed. That is why the solution mentioned in the URL is specifically stated as a temporary fix. The only reason to edit after state changes to consumed is to correct any updates made by mistake. I would suggest to make the temporary changes as mentioned in the URL, correct the required records and then change the ACL back to its original configuration.
The asset management process and access rights should ensure that consumable records are updated properly. That should minimize the possibility of mistakes and avoid the need to correct consumable records after it is consumed.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-01-2024 11:26 AM
@Ashok Sasidhara but I was hoping to at least know how as we are delegating someone that we do not want to have admin access/security access or bug an admin, and essentially that would be their primary role would be to correct the mistakes.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-02-2024 07:29 AM
Security_admin is required only for your existing administrator for modifying the ACL temporarily as mentioned in the URL. You can give the 'Asset' role to the user who need to make the changes on the consumable records. Then the user should ideally analyze and correct the mistakes in bulk. After the corrections are over, the security admin can change the ACL back to its original state. You have to consider the following 2 steps to avoid mistakes in future:
1. Restrict the write access only to a few users like asset managers
2. Provide training and documentation to all the users having write access to ensure they are aligned with your asset management process & data requirements while making modifications
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-02-2024 07:59 AM
So If I make the 2 roles inactive provide the user the role asset they will be able to edit consumables?