Create a role and ACLs for vendor to access Incidents assigned to them.

sneeli
Tera Contributor

We have a situation where we want our vendor to use our ServiceNow instance to work on tickets assigned to them. However, we need to restrict their access so they can only see the tickets assigned to them and not have access to other modules or incidents assigned to other assignment groups.

We have created a new role for them and set up new ACLs, but this role comes with certain limitations:

Limitations:

  1. They cannot see the SLA.
  2. They cannot update the ticket priority.
  3. They do not have access to work notes.
  4. They cannot add people to the Watch list.
  5. They cannot put the ticket on hold to pause the SLA.

I'm reaching out to see if you have any suggestions on how we can handle this scenario.

1 ACCEPTED SOLUTION

johnfeist
Mega Sage

Hi sneeli,

We ran into a similar situation some time back. We resolved it via a before query business rule. The before query rules run before ACLs and since they are back end, they can't change anything there unless you give them admin level access. The nice part is that you have more flexibility than in ACLs. I would suggest that you simply use the query to add criteria.

What you can do is check for the role you created and if the user has it, add a restriction.

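// Runs in a before query business rule.
var theUser = gs.getUser();
var theUserRole = theUser.hasRole("<your role>");
if (theUserRole) {
    // Restrict the query to incidents assigned to the vendor's group.
    current.addQuery("assignment_group", "<the relevant group>");
}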

I made an assumption that you can use assignment group to limit the incidents that they will see.

Hope that helps.

:{)

Helpful and Correct tags are appreciated and help others to find information faster
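
The before query rule from the answer above, exercised against sample data under Node.js, as an added example that is not part of the original posts. `FakeQuery` and `fakeGs` are stand-ins for GlideRecord and `gs`, and the role name, group id and incident rows are constructed.

```javascript
// Added example, not from the thread. Role name, group id and rows are constructed.
const VENDOR_ROLE = "x_vendor_incident";   // hypothetical role name
const VENDOR_GROUP = "grp_vendor";         // hypothetical assignment group sys_id

// Body of the before query business rule, as in the answer above.
function restrictVendorQuery(current, gs) {
    if (gs.getUser().hasRole(VENDOR_ROLE)) {
        current.addQuery("assignment_group", VENDOR_GROUP);
    }
}

// Stand-in for GlideRecord: conditions added with addQuery are ANDed together.
class FakeQuery {
    constructor(rows) { this.rows = rows; this.conditions = []; }
    addQuery(field, value) { this.conditions.push([field, value]); }
    run() {
        return this.rows.filter(row =>
            this.conditions.every(([field, value]) => row[field] === value));
    }
}

// Stand-in for gs: only getUser().hasRole() is modelled.
function fakeGs(roles) {
    return { getUser: () => ({ hasRole: role => roles.includes(role) }) };
}

// Constructed incident rows.
const INCIDENTS = [
    { number: "INC0001", assignment_group: "grp_vendor" },
    { number: "INC0002", assignment_group: "grp_network" },
    { number: "INC0003", assignment_group: "grp_vendor" },
    { number: "INC0004", assignment_group: "grp_service_desk" },
];

// Returns the incident numbers a user with `roles` gets back, where `ownFilter`
// is a list of [field, value] conditions the user supplied (list filter, URL).
function visibleIncidents(roles, ownFilter = []) {
    const query = new FakeQuery(INCIDENTS);
    ownFilter.forEach(([field, value]) => query.addQuery(field, value));
    restrictVendorQuery(query, fakeGs(roles)); // rule runs before the query executes
    return query.run().map(row => row.number);
}

console.log(visibleIncidents([VENDOR_ROLE]));
console.log(visibleIncidents([VENDOR_ROLE], [["assignment_group", "grp_network"]]));
console.log(visibleIncidents(["itil"]));
```

The second call shows that the rule's condition is ANDed with whatever filter the vendor user supplies, so asking for another group's incidents returns nothing.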


sneeli
Tera Contributor

Thank you, John, for your quick response. The solution did work; we were just not able to apply it to the work notes field, which is not a big issue.