01-18-2023 03:05 PM
Hello!
I'm in need of some help; even pointing me to documentation I just can't seem to find would be great. I have no idea how to make a role I create do something. I've used created roles to give an assignment group visibility of a certain field on an Incident form, but that had nothing to do with the role, more just who had that made-up role.
I'm looking to make some custom roles so that I can create least permissions for users. An example is that I would like our Service Desk to be able to see only their own drafts of KB articles under the Knowledge module > Unpublished, and I also don't want them to be able to see anything else in that module that's unnecessary (for example: the Retired list, or the Published list). Each Module and Application Menu has roles attached to it, but how does ServiceNow know that a knowledge_admin is different than a person with the knowledge or knowledge_manager role? All 3 have access to the App menu and Module but can't interact the same way with it.
Obviously I would want to be able to do this with other App Menus and Modules, I just used this example above as something I'm struggling to figure out.
This would be a life saver if someone could help. I greatly appreciate any help you'd throw to this new ServiceNow admin.
01-18-2023 04:18 PM
Hi, when a user logs into the platform their allocated roles are loaded into their session data.
When role-based functionality/behavior is referenced, the platform checks the session data to see if the user has the required role. If a function is referenced to more than 1 role, a user must have one of the roles. If there are multiple separate functions based on different roles, the user will be valid for each one where their role matches.
So for menu Applications and Modules it is a simple check like Application X requires role Y, user has role Y, so Application X is valid for the user and visible to them.
But be aware that while a user can see a menu item, this is just visibility of 'something' and the functionality underpinning this visible item may be based on different roles, with each ACL or script involved checking for roles that match the user, and the functionality only provided when a match is made.
If you are testing functionality based on roles, make sure you log the user out and back in (or re-impersonate them) any time you add or remove a role from the account.
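A simplified model of the checks described in the reply above, added here as an illustration: it is not ServiceNow code or its API and is not part of the original posts. The role names, the module definition and both ACL rules are constructed assumptions.

```javascript
// Simplified model of the checks described above; not ServiceNow code or API.
// Role names, the module and both ACL rules are constructed for illustration.

// Login copies the user's current roles into the session (a snapshot).
function login(roleStore, user) {
  return { user, roles: new Set(roleStore[user] || []) };
}

// Menu check: visible if the session holds any one of the module's roles.
function moduleVisible(module, session) {
  return module.roles.some((r) => session.roles.has(r));
}

// ACL check: the role must match AND the rule's condition must pass.
function aclAllows(acl, session, record) {
  return acl.roles.some((r) => session.roles.has(r)) && acl.condition(session, record);
}

const unpublishedModule = { roles: ['sd_kb_author', 'kb_admin_example'] };
const readAcls = [
  { roles: ['sd_kb_author'], // own drafts only
    condition: (s, rec) => rec.state === 'draft' && rec.author === s.user },
  { roles: ['kb_admin_example'], condition: () => true }, // everything
];

// Each separate rule is evaluated; access is given where one matches.
function canRead(session, record) {
  return readAcls.some((acl) => aclAllows(acl, session, record));
}

function demo() {
  const roleStore = { sd_agent: ['sd_kb_author'] }; // constructed user
  const session = login(roleStore, 'sd_agent');
  const own = { author: 'sd_agent', state: 'draft' };
  const other = { author: 'someone_else', state: 'draft' };
  const result = {
    seesModule: moduleVisible(unpublishedModule, session),
    readsOwn: canRead(session, own),
    readsOther: canRead(session, other), // module visible, record still denied
  };
  roleStore.sd_agent.push('kb_admin_example'); // role added mid-session
  result.staleSession = canRead(session, other); // old snapshot: still denied
  result.freshSession = canRead(login(roleStore, 'sd_agent'), other);
  return result;
}

console.log(demo());
```

The `staleSession` and `freshSession` values show why a role change only takes effect in testing after a new login or re-impersonation.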
01-19-2023 08:45 AM
Thank you for your reply Tony, I'm finding out more and more that I'll be doing some scripting for these things and adjusting/creating ACLs to make some things my management would like to implement. I appreciate you helping out.
Are there any ServiceNow docs you know of that might be helpful, or do you just recommend looking up ACLs in their documentation and going from there?
01-19-2023 11:26 AM