How to configure ACLs so users can see tickets created by other users in Service Portal?

patricklatella · ‎02-07-2019

Hi all,

I'm working on a customer service portal, and in the portal I need to allow non-roled users to see a widget called "My company's incidents", and then for them to be able to see all the records on the incident table that have the "company" field set to their company, regardless of who created it. Is this possible? The query I have on the widget is correct, but when impersonating users I cannot see the records created by other users. Anyone know how to do this?

DScroggins · ‎02-07-2019

Hi Patrick, You can modify the before query business rule "incident query" on the incident table. You can adjust the script to allow users to see the records according to whatever requirements you have. Currently only users who are the caller or opened by can see the incidents if they don't have roles. Once you modify the BR then the incident record will show in portal.

View solution in original post

patricklatella · ‎02-07-2019

Hi Rafael, thanks so much for your input and as I mentioned in my response to Paul, your warning is fully taken and we'll see if we're violating anything.

The non-roled users are external customers, these are people outside our organization, who work for a company we are providing services for. This is for a customer facing portal...so we only want these users to be able to view tickets in the portal, to see status and add comments...not fulfiller activities at all. Still think there's an issue here?

patricklatella · ‎04-04-2019

One last note to add to this thread for anyone looking to do something similar. I raised HI tickets with ServiceNow to see if there would be licensing issues around allowing this functionality and they said so long as the users who are viewing tickets can only add "Additional Comments", and they don't have the "itil" role, there would be no issue. Thanks again everyone for the help and discussion points!