- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-29-2024 09:35 AM
we have a situation where we want our vendor to use our ServiceNow instance to work on tickets assigned to them. However, we need to restrict their access so they can only see the tickets assigned to them and not have access to other modules or incidents assigned to other assignment groups.
We have created a new role for them and set up new ACLs, but this role comes with certain limitations:
Limitations:
- They cannot see the SLA.
- They cannot update the ticket priority.
- They do not have access to work notes.
- They cannot add people to the Watch list.
- They cannot put the ticket on hold to pause the SLA.
I'm reaching out to see if you have any suggestions on how we can handle this scenario.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-29-2024 01:36 PM - edited 05-29-2024 01:37 PM
Hi sneeli,
We ran into a similar situation some time back. We resolved it via a before query business rule. The before query rules run before ACLs and since they are back end, they can't change anything there unless you give them admin level access. The nice part is that you have more flexibility than in ACLs. I would suggest that you simply use the query to add criteria.
What you can do is check for the role you created and if the user has it, add a restriction.
var theUser = gs.getUser();
var theUserRole = theUser.hasRole("<your role>");
if (theUserRole) {
qc = current.addQuery("assignment_group", "<the relevant group>");
}
I made an assumption that you can use assignment group to limit the incidents that they will see.
:{)
Helpful and Correct tags are appreciated and help others to find information faster
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-29-2024 01:36 PM - edited 05-29-2024 01:37 PM
Hi sneeli,
We ran into a similar situation some time back. We resolved it via a before query business rule. The before query rules run before ACLs and since they are back end, they can't change anything there unless you give them admin level access. The nice part is that you have more flexibility than in ACLs. I would suggest that you simply use the query to add criteria.
What you can do is check for the role you created and if the user has it, add a restriction.
var theUser = gs.getUser();
var theUserRole = theUser.hasRole("<your role>");
if (theUserRole) {
qc = current.addQuery("assignment_group", "<the relevant group>");
}
I made an assumption that you can use assignment group to limit the incidents that they will see.
:{)
Helpful and Correct tags are appreciated and help others to find information faster
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-30-2024 08:31 AM
Thank you John for your quick response, the solution did work, we were just not able to apply it to the work notes field, which is not a big issue.