ITIL role

dmt10 · ‎11-10-2023

I would like to know if there is any documentation regarding the tables and processes where itil role is involved. Looking to identify users that may no longer need the role.

Ziad Qadora · ‎11-10-2023

Hi,

In Vancouver, ServiceNow introduced new plugin called "Access Analyzer" that may help if you are using Vancouver. This is a store product that is available for free. Please see screenshot below or visit https://docs.servicenow.com/bundle/vancouver-platform-security/page/integrate/identity/task/view-per...

I have not come across documentation that explain what itil role has access to. But for ITSM, it would be save to say itil role has ability to view/do a wide range of things OOB that are not specific for admins. You may need to get new instance and see what the OOB itil user is capable of doing to understand the role.

Please mark my reply as Helpful and/or Accept Solution, if applicable. Thanks!

Bert_c1 · ‎11-10-2023

you can look in the sys_security_acl_role and filter on 'itil' role for a start. As far as what users have the 'itil' role there is the sys_user_has_role table that you can filter on role = 'itil'. How you determine users that no longer need the roll is unknown. But you can write a script to find those users, and then delete the sys_user_has_role record.

Typically users lose a role when they are no longer member of a group and removed from the group. There are other situations that cause that. If you have the "Role Management: Contextual Security" and "Role Management: Contextual Security V2" plugins active. You can create a support case as they have a means to review role inheritance based on current configuration and clean up the sys_user_has_role table.