Instance Read Only access without license penalty

Shawn Horley · ‎01-28-2020

What with the changes to the SN licensing model, we are having to be more careful in how we provision roles for our fulfillers. I have a number of them that require Read-Only access to our Instance, and to provide that for them it was easy enough in the past to create an Admin/ReadOnly group that used the Admin role for full access in conjunction with the snc_read_only role to limit their abilities to just seeing the data without being able to change/break anything.

I now have to look some other way of doing this as accounts with Admin inherit the Itil role which is a license cost for us.

Being a public entity we need to control our costs while maintaining our abilities and the same level of utility within the instance.

Can anyone suggest another way of setting up an instance-wide Read Only role that doesn't inherit Itil or require a crazy configuration of ACL's?

All help is appreciated!

Cheers

A.

Brad Tilton · ‎01-29-2020

Unfortunately, I think that's the only option for easy auditor access to give them the itil role and then the read only role. I wouldn't think an auditor would need access for a long period of time so you might just be really targeted about who and when you give access.

View solution in original post

Brad Tilton · ‎01-29-2020

Unfortunately, I think that's the only option for easy auditor access to give them the itil role and then the read only role. I wouldn't think an auditor would need access for a long period of time so you might just be really targeted about who and when you give access.

Shawn Horley · ‎01-29-2020

Greetings Brad

Thank you for the feedback!

This is not for short term auditors, but for support persons that need access to more than just the Itil-visible areas of the instance. There are integrations with Peoplesoft, as well as the Nuvolo enterprise asset management app which their integrations feed into. So there are requirements to be able to view the data sources, scheduled jobs, etc.

Some of their work takes them into the HR scope as well. So they are all over the instance looking at stuff, thus me giving them the Admin Read Only access.