cmdb read role

nameisnani · ‎03-06-2024

Hi Team ,

Can anyone please help which role we need to give cmdb read only .

Request is : Require read access to CMDB in ServiceNow .

Thanks in advance

Community Alums · ‎03-06-2024

Hi @nameisnani ,

Give the users a role of "cmdb_read"

"cmdb_read" is a Requester role and doesn't need any license.

nameisnani · ‎03-06-2024

Hi @Community Alums

I have provided cmdb_read - ,,,, where user can find all cmdb CI's.

Community Alums · ‎03-06-2024

Hi @nameisnani ,

You will not have a application module, cmbd_read role will allow to read the ci details.

go to system Definition > Tables

search for cmdb_ci:

OR

Just type : cmdb_ci.LIST

nameisnani · ‎03-06-2024

@Simran Gadodiya @shyamkumar VK @Community Alums

I have just done a screen share with user (X) and he does have access to the CMDB tables now (e.g. Business Applications and Application Services) which is good. What is not good however is that he has the access to update any and all fields in both and probably others.

We need to strictly restrict access to update these records to only people who have the access to do so. How do we ensure that this is restriction is in place?

I was hoping to only provide User (x ) with the cmdb_read role but he has been provided many others which nameisnani seems to think are provided along with the ability to raise changes. Does this mean that anyone who can raise changes can also update anything in CMDB? If this is the case, then this needs to be fixed ASAP.

Let me know please.

@Simran Gadodiya @shyamkumar VK @Community Alums

How should i proceed here

shyamkumar VK · ‎03-06-2024

@nameisnani , Design Write ACL on this and give the Role so this can abort others to update anything on applications

you need to create below ACL's

Cmdb_ci.none

cmdb_ci.*

Regards,

Shyamkumar

Please mark this as helpful and accept as a solution if this resolves your Ask.
Regards,

Shyamkumar