How to build ACLs for variables in service catalog?

johannes5
Giga Expert

Hi ServiceNow Community Developers

I am trying to build an access control for variables in the requested item (sc_req_item) table. When I try this out, I can see the OOB fields, but for variables all I see is 'variables'; I cannot see the actual variable names that I would like to build ACLs around. Do you guys know how I can build an ACL for each variable within the service catalogue? Please advise.

Thanks,

Johannes

1 ACCEPTED SOLUTION

SWEET, that is easy: there is a client script you can add that will lock the variables down.. you can apply that script on both the Item and/or task forms...



just wrap it in an if statement and only open it up if the user is the requested for and you are done!



http://www.servicenowguru.com/scripting/business-rules-scripting/variables-form-readonly/



obtw.. the beauty of locking down your variables this way is you apply one script to the TABLE and it gets all your variables for every item with no maintenance required!


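The client script described in the accepted solution could look like the sketch below; it is an added example, not code from the original post or from the linked article. It assumes a display business rule has put the request's "Requested for" sys_id into `g_scratchpad.requested_for` (a hypothetical property name), and `makeFakeForm` is a constructed stub so the logic can run outside ServiceNow.

```javascript
// Added example. In ServiceNow, g_form, g_user and g_scratchpad are globals
// supplied by the platform to client scripts.
// Assumption: a display business rule on the table has set
// g_scratchpad.requested_for to the sys_id of the request's "Requested for" user.

// Decide whether the variables may stay editable. Fails closed: a missing
// user id or missing requested-for value keeps the variables locked.
function shouldUnlockVariables(currentUserId, requestedForId) {
  if (!currentUserId || !requestedForId) {
    return false;
  }
  return String(currentUserId) === String(requestedForId);
}

// Lock or unlock every variable on the form in one call.
// Returns true when the variables were left read-only.
function applyVariableLock(form, user, scratchpad) {
  var requestedFor = scratchpad ? scratchpad.requested_for : null;
  var userId = user ? user.userID : null;
  var readOnly = !shouldUnlockVariables(userId, requestedFor);
  form.setVariablesReadOnly(readOnly);
  return readOnly;
}

// Entry point the platform calls for an onLoad client script.
function onLoad() {
  applyVariableLock(g_form, g_user, g_scratchpad);
}

// Constructed stand-in for g_form so the logic can be exercised outside ServiceNow.
function makeFakeForm() {
  var form = { variablesReadOnly: null };
  form.setVariablesReadOnly = function (flag) { form.variablesReadOnly = flag; };
  return form;
}
```

Client scripts run in the browser and change only the form, so this works alongside the variable role fields discussed in the replies.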

17 REPLIES

Jim Coyne
Kilo Patron

Permissions for Catalog Variables work differently than fields on a table. Take a look at this Wiki article - Using Service Catalog Variables - ServiceNow Wiki

As the note in the article says, OOB the role fields are not on the form, so you will need to add them first.


Hi Jim,



Thanks for the response; however, I cannot see the part that allows me to lock the field down to a role.



Johannes


You will need to personalize the Variable form (Personalizing Forms - ServiceNow Wiki) by adding the following 4 fields:


  • Read roles
  • Create roles
  • Delete roles
  • Write roles


Then you will be able to add the roles to the appropriate fields to lock your variables down.


jfarrer
Mega Guru

There are several role fields on the Variable definition table that can be added (if they're not already there) to the form that control who can read and write to the variables. I'd definitely start with the Write Roles field that controls who can write to the variable after it's been submitted. I'd recommend starting with a default value for that field of itil, admin, or nobody depending on your needs, then modify it as necessary. Usually after setting the Write Role access is controlled by Catalog UI Policy or Catalog Client Scripts. Starting with Calgary release there are check boxes on those that allow you to apply it after the form is submitted as well as before.