Asset Management: Role suggestion for hardware read only access

Shawn Horley
Kilo Guru

Carrying along with my building the Asset Management plugin for our instance I am wondering about the appropriate roles.

I have created a hardware asset management admin group for our Asset Managers to be able to add, update, and remove entries as required and have given that group the Asset role. That was easy to determine.

Not so easy for me to determine is the role I should use for a group that will essentially only have read access to the hardware assets. The role descriptions on the docs site are not detailed enough for me to know which of the listed roles there would provide that. I see the inventory_user role, but the description only says that that role allows for accessing stock information, and creating and managing transfer orders... If my techs only have that role, will they be able to see the hardware assets at all?

Any feedback on this would be great.

Cheers

A.

1 ACCEPTED SOLUTION

Try the following:

1. Create a new role "inventory_user_readonly".

2. Let the new role contain the inventory_user role.

3. Give the new role to the respective person (via a group).

4. Here is the tricky part: you will have to modify all relevant Access Controls (write and delete) - I counted 4: write a script for these ACs like:

// Deny the operation when the user holds the read-only marker role
var currentUser = gs.getUser();
answer = !currentUser.hasRole('inventory_user_readonly');

You could also put in a proper if and then return the answer, but you want to return false if the user has the role in order to have the AC deny access.

If it doesn't work, roll back everything you did.

Kind regards
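
The approach in the accepted solution, modeled in plain JavaScript as an added example (not code from the thread and not ServiceNow's ACL engine): it shows why every write and delete rule has to carry the script. The table names, the rule set and the assumption that passing any one matching rule grants access are constructed for illustration.

```javascript
// Simplified model, NOT ServiceNow's ACL engine. Assumption: when several
// rules match the same table and operation, passing any one grants access.
const CONTAINS = { inventory_user_readonly: ['inventory_user'] };

// Expand assigned roles through the "contains" relation (transitive).
function effectiveRoles(assigned) {
  const seen = new Set();
  const stack = [...assigned];
  while (stack.length) {
    const role = stack.pop();
    if (seen.has(role)) continue;
    seen.add(role);
    stack.push(...(CONTAINS[role] || []));
  }
  return seen;
}

// Same logic as the script in the answer: deny when the marker role is held.
const denyReadonly = (roles) => !roles.has('inventory_user_readonly');

// Constructed sample rules (hypothetical table names and role requirements).
function sampleAcls(patchAll) {
  return [
    { table: 'hw_asset', op: 'read', roles: ['inventory_user', 'asset'] },
    { table: 'hw_asset', op: 'write', roles: ['asset'], script: denyReadonly },
    { table: 'hw_asset', op: 'write', roles: ['inventory_user'],
      script: patchAll ? denyReadonly : null }, // the rule that is easy to miss
    { table: 'hw_asset', op: 'delete', roles: ['asset'], script: denyReadonly },
    { table: 'ticket', op: 'write', roles: ['itil'] },
  ];
}

// A rule passes when the user holds a required role and its script allows it.
function canAccess(acls, assigned, table, op) {
  const roles = effectiveRoles(assigned);
  return acls.some((acl) => acl.table === table && acl.op === op &&
    acl.roles.some((r) => roles.has(r)) && (!acl.script || acl.script(roles)));
}

// Audit helper: which operations a set of assigned roles ends up with.
function allowedOps(acls, assigned, table) {
  return ['read', 'write', 'delete'].filter((op) => canAccess(acls, assigned, table, op));
}

const tech = ['itil', 'inventory_user_readonly']; // constructed sample user
console.log(allowedOps(sampleAcls(true), tech, 'hw_asset'));  // all rules patched
console.log(allowedOps(sampleAcls(false), tech, 'hw_asset')); // one rule missed
```

In this model a user who holds both asset and inventory_user_readonly also drops to read-only, so group membership for the Asset Managers needs checking before the role is handed out.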


7 REPLIES

sebastian_g_snc
ServiceNow Employee

Hi Arthwys,

There is something called the "snc_read_only" role. You can basically assign this role to any user and that turns the access permissions of this user into read-only permissions.

The whole setup procedure is explained here:

https://docs.servicenow.com/bundle/london-platform-administration/page/administer/user-administratio...

Let me know if that helped. Kind regards

Seb

Greetings Sebastian

Unfortunately I can't use that as I need these folks to have write capabilities on other areas of the instance.

I just need to restrict them to read-only access in the Asset Management application. They are ITIL users and fulfillers in other applications.

sebastian_g_snc
ServiceNow Employee

info: I edited step 3 above.