Create an auditor role

Lucien1
Giga Expert

Hi all,

 

We are just about to have an audit and I have been asked to come up with a solution for allowing the auditors "Read Only" access into SN. After reading all the forums to see what other admins have done, I am still lost as to what route is best. Now I know ACLs are what a lot of guys have said, but there has to be a better way of doing this, and I am a bit wary about going down this route as we will be upgrading from Calgary to Eureka whilst they complete the audit.

 

Can anyone out there that has completed this please share what they have done?

 

Thanks all,

 

Lucien

1 ACCEPTED SOLUTION

Hey Lucien,



Unfortunately, this solution requires the use of those roles. To allow visibility without any role usage, you would certainly have to go down the ACL route (no fun). Depending on the length of the audit engagement, perhaps you could shift things around temporarily to accommodate the auditors? Sorry there isn't an easier role-free solution!



18 REPLIES

I'm very late to this party but I want to point others who come here to the same resource on the 'wiki'. The read only role can be customized via system properties. You can for example allow creation or writing on specific tables such as incident, which means if the person who is receiving this role is also a self-service employee in your company, they can open incidents.

See for more info: https://docs.servicenow.com/bundle/london-platform-administration/page/administer/user-administration/concept/c_ReadOnlyRole.html

Read-only role properties
Name | Description
glide.security.snc_read_only_role.tables.exempt_create

Specifies which tables are exempt from the read-only role enforcement and allow the creation of new records.

  • Type: string
  • Default value: sys_user_session, sysevent, syslog, syslog_transaction, sys_user_preference, sys_ui_list, sys_ui_list_element, sys_db_cache, user_multifactor_auth
  • Location: System Properties [sys_properties] table
 
glide.security.snc_read_only_role.tables.exempt_write

Specifies which tables are exempt from the read-only role enforcement and allow the updating of existing records.

  • Type: string
  • Default value: sys_user_session, sysevent, syslog, syslog_transaction, sys_user_preference, sys_ui_list, sys_ui_list_element, sys_db_cache, user_multifactor_auth
  • Location: System Properties [sys_properties] table
 
glide.security.snc_read_only_role.tables.exempt_delete

Specifies which tables are exempt from the read-only role enforcement and allow the deletion of existing records.

  • Type: string
  • Default value: sys_user_preference, sys_ui_list, sys_ui_list_element, sys_db_cache, user_multifactor_auth
  • Location: System Properties [sys_properties] table
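
A check an admin could run before assigning snc_read_only to auditors, as an added example that is not part of the original post or ServiceNow's own code: it compares the three exemption properties with the documented defaults listed above and reports every extra table, since each one is a table a "read-only" user can still create, update or delete records in. The sample property values are constructed, and treating an unset property as its default is an assumption.

```javascript
// Added example: compare snc_read_only exemption properties with the
// documented defaults quoted in the post above and list any extra tables.
const PREFIX = 'glide.security.snc_read_only_role.tables.';
const SESSION_AND_LOG = 'sys_user_session, sysevent, syslog, syslog_transaction, ';
const UI_AND_MFA = 'sys_user_preference, sys_ui_list, sys_ui_list_element, ' +
  'sys_db_cache, user_multifactor_auth';
const DEFAULTS = {
  exempt_create: SESSION_AND_LOG + UI_AND_MFA,
  exempt_write: SESSION_AND_LOG + UI_AND_MFA,
  exempt_delete: UI_AND_MFA,
};

// Split a comma-separated property value into normalized table names.
function parseTables(value) {
  return new Set(String(value).split(',')
    .map((t) => t.trim().toLowerCase()).filter(Boolean));
}

// current: { propertyName: value }. Assumption: an unset property behaves
// as its default. On an instance, read the values with gs.getProperty().
function auditExemptions(current) {
  return Object.entries(DEFAULTS).map(([suffix, def]) => {
    const name = PREFIX + suffix;
    const base = parseTables(def);
    const cur = parseTables(current[name] === undefined ? def : current[name]);
    return {
      property: name,
      operation: suffix.replace('exempt_', ''),
      added: [...cur].filter((t) => !base.has(t)).sort(),   // extra tables exempted
      removed: [...base].filter((t) => !cur.has(t)).sort(), // defaults no longer exempt
    };
  });
}

// Constructed sample values: incident opened up for self-service, plus task.
const SAMPLE = {
  [PREFIX + 'exempt_create']: DEFAULTS.exempt_create + ', incident',
  [PREFIX + 'exempt_write']: DEFAULTS.exempt_write + ',Incident, task',
};

for (const f of auditExemptions(SAMPLE)) {
  const status = f.added.length
    ? 'REVIEW: read-only users can ' + f.operation + ' in ' + f.added.join(', ')
    : 'default exemptions only';
  console.log(f.property + ' -> ' + status);
}
```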

WHAT ABOUT THE ABILITY TO CREATE/RUN A REPORT?  


Hi mikadad,



Yes you can run reports and view that data.



Regards,



Lucien


Hi Gary,

Will this be a good approach? I create a role called Auditor, and under the "Contained Role" tab I add the snc_read_only and ITIL roles?

I think the combination of these roles will give our auditors what they need. 

Thanks,

Jocelyn
