ITSM User Roles for Services and Offerings vs Discovered CI's

Christine Richa
Tera Contributor

Assistance please: Need to know what ServiceNow role(s) to give a group of ITIL users so that they can create and edit Application Services, via Service Builder Technical Services/offerings and Business Services/offerings but not create or edit other Configuration Items that are part of the CMDB from sources such as Discovery.  We do not have full ITOM just ITOM Discovery so building services following the CSDM manually.  If all ITIL users have this capability, what process does your operations team do to insure your CMDB stays healthy?

1 ACCEPTED SOLUTION

Mathew Hillyard
Mega Sage

Hi @Christine Richa,

Application Services are defined using the Application Service Wizard, which in the baseline is accessed via All > CSDM > Manage Technical Services > Application Service, which requires the app_service_admin role to access the Wizard (you will only see the New UI Action in the list of App Services if you have this role). This role inherits the itil role.

 

Service Builder is a Store app that is aimed at Service Owners so is principally for building out the complete CSDM Service and requires the service_editor role to access.

 

The itil role contains the cmdb_editor role in the baseline, so you'll need to do some customization if you want to exclude such users from editing the wider CMDB - organisations frequently remove this role from itil as has far too much access in a medium or large organisation, and as you mention, Discovery or other automated tools keep the CMDB up to date; if for example a helpdesk user has a valid use case to create an ad hoc (usually end user) CI, provide the functionality via a Cat Item/Record Producer on the Service Portal instead of giving them CMDB create/write access.

View solution in original post

3 REPLIES 3

Stig Brandt
Tera Guru

Hi @Christine Richa 

 

there is many different roles, so recommend to read the docs, please add roles to groups then adding users to groups

 

br

stig

Thank you - yes we have seen lots of different roles and our practice is to add roles to groups then users to the group.

Mathew Hillyard
Mega Sage

Hi @Christine Richa,

Application Services are defined using the Application Service Wizard, which in the baseline is accessed via All > CSDM > Manage Technical Services > Application Service, which requires the app_service_admin role to access the Wizard (you will only see the New UI Action in the list of App Services if you have this role). This role inherits the itil role.

 

Service Builder is a Store app that is aimed at Service Owners so is principally for building out the complete CSDM Service and requires the service_editor role to access.

 

The itil role contains the cmdb_editor role in the baseline, so you'll need to do some customization if you want to exclude such users from editing the wider CMDB - organisations frequently remove this role from itil as has far too much access in a medium or large organisation, and as you mention, Discovery or other automated tools keep the CMDB up to date; if for example a helpdesk user has a valid use case to create an ad hoc (usually end user) CI, provide the functionality via a Cat Item/Record Producer on the Service Portal instead of giving them CMDB create/write access.