Create a role and ACLS for vendor to access Incidents assigned to them.

Go to solution
sneeli
Tera Contributor

‎05-29-2024 09:35 AM

we have a situation where we want our vendor to use our ServiceNow instance to work on tickets assigned to them. However, we need to restrict their access so they can only see the tickets assigned to them and not have access to other modules or incidents assigned to other assignment groups.

 

We have created a new role for them and set up new ACLs, but this role comes with certain limitations:

 

Limitations:

 

  1. They cannot see the SLA.
  2. They cannot update the ticket priority.
  3. They do not have access to work notes.
  4. They cannot add people to the Watch list.
  5. They cannot put the ticket on hold to pause the SLA.

 

I'm reaching out to see if you have any suggestions on how we can handle this scenario.

0 Helpfuls
  • 927 Views
1 ACCEPTED SOLUTION

Go to solution
johnfeist
Mega Sage
Mega Sage

‎05-29-2024 01:36 PM - edited ‎05-29-2024 01:37 PM

Hi sneeli,

 

We ran into a similar situation some time back.  We resolved it via a before query business rule.  The before query rules run before ACLs and since they are back end, they can't change anything there unless you give them admin level access.  The nice part is that you have more flexibility than in ACLs.  I would suggest that you simply use the query to add criteria.  

 

What you can do is check for the role you created  and if the user has it, add a restriction.

 

var theUser = gs.getUser();
var theUserRole = theUser.hasRole("<your role>");
if (theUserRole) {
    qc = current.addQuery("assignment_group", "<the relevant group>");
}

 

I made an assumption that you can use assignment group to limit the incidents that they will see.

Hope that helps.

:{)

Helpful and Correct tags are appreciated and help others to find information faster

View solution in original post

2 REPLIES 2

Go to solution
johnfeist
Mega Sage
Mega Sage

‎05-29-2024 01:36 PM - edited ‎05-29-2024 01:37 PM

Hi sneeli,

 

We ran into a similar situation some time back.  We resolved it via a before query business rule.  The before query rules run before ACLs and since they are back end, they can't change anything there unless you give them admin level access.  The nice part is that you have more flexibility than in ACLs.  I would suggest that you simply use the query to add criteria.  

 

What you can do is check for the role you created  and if the user has it, add a restriction.

 

var theUser = gs.getUser();
var theUserRole = theUser.hasRole("<your role>");
if (theUserRole) {
    qc = current.addQuery("assignment_group", "<the relevant group>");
}

 

I made an assumption that you can use assignment group to limit the incidents that they will see.

Hope that helps.

:{)

Helpful and Correct tags are appreciated and help others to find information faster

Go to solution
sneeli
Tera Contributor

‎05-30-2024 08:31 AM

Thank you John for your quick response, the solution did work, we were just not able to apply it to the work notes field, which is not a big issue.

0 Helpfuls