How to allow a user / create acl for editing alm_consumable table/form

Joshua Comeau · ‎03-01-2024

I am looking to create a ACL to bypass the following article or existing UI Policys / Access control list to be able to edit the form for alm_consumables_list:

Article:

How to Modify a Consumable asset record after it has been Consumed - Support and Troubleshooting (se...

For each of these 2x ACL records:
- record/write: alm_asset.
  https://<instance>.service-now.com/sys_security_acl.do?sys_id=1d7fd8291b702000aebbfbcd2c0713c1
- record/write: alm_asset.*
  https://instance>.service-now.com/sys_security_acl.do?sys_id=4dd436dd3737100044e0bfc8bcbe5db3

Is their a way to edit the form for consumable asset based on a specific role?

Ashok Sasidhara · ‎03-02-2024

From the context menu of alm_consumable table, click on Configure>All. Here you can look into everything that is configured for this table. That would help to troubleshoot.

View solution in original post

Ashok Sasidhara · ‎03-01-2024

As per HAM best practices, it is not recommended to modify the consumable record after it is consumed. That is why the solution mentioned in the URL is specifically stated as a temporary fix. The only reason to edit after state changes to consumed is to correct any updates made by mistake. I would suggest to make the temporary changes as mentioned in the URL, correct the required records and then change the ACL back to its original configuration.

The asset management process and access rights should ensure that consumable records are updated properly. That should minimize the possibility of mistakes and avoid the need to correct consumable records after it is consumed.

Joshua Comeau · ‎03-01-2024

@Ashok Sasidhara but I was hoping to at least know how as we are delegating someone that we do not want to have admin access/security access or bug an admin, and essentially that would be their primary role would be to correct the mistakes.

Ashok Sasidhara · ‎03-02-2024

Security_admin is required only for your existing administrator for modifying the ACL temporarily as mentioned in the URL. You can give the 'Asset' role to the user who need to make the changes on the consumable records. Then the user should ideally analyze and correct the mistakes in bulk. After the corrections are over, the security admin can change the ACL back to its original state. You have to consider the following 2 steps to avoid mistakes in future:

1. Restrict the write access only to a few users like asset managers

2. Provide training and documentation to all the users having write access to ensure they are aligned with your asset management process & data requirements while making modifications

Joshua Comeau · ‎03-02-2024

So If I make the 2 roles inactive provide the user the role asset they will be able to edit consumables?