Limit access to Requested Items based on Role

tahnalos
Kilo Sage

Hi there. We have a special ask regarding certain items in the Service Catalog.

 

We are aware of the User criteria function, but what this does is to limit access to the Catalog item for users when they are requesting items.  The situation I am dealing with here is different.

 

What we want to do is to limit certain requested Items to certain assignment groups.  Based on how we interpret the User Criteria function, this won't do what we want, as this limits the front end and we want to limit who can access or who can actually work on the item and their requested tasks.

 

I notice that the Service Categories form has a Role field, so I am wondering if it can be set up using ACLs to limit access to these items based on those who have a certain role.  Would that work?

1 ACCEPTED SOLUTION

James Chun
Kilo Patron

Hi @tahnalos,

 

So you would like to limit fulfillers' access to RITMs and SCTASKs.

There are a few ways to do it, and ACL would be my least favourite.

  • Control access to variables via the 'Read roles'. I believe the users will still have access to the RITMs/SCTASKs but not the variables.


  • Data filtration - create a new 'Role Filter Criteria' and apply it to your records.

https://docs.servicenow.com/bundle/washingtondc-platform-security/page/administer/security/concept/d...

  • You can also create custom ACL and/or Query Business Rule but they would be my last pick

Cheers
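A sketch of the Query Business Rule option from the accepted answer, as an added example that is not part of the original thread or ServiceNow's own code: it hides RITMs for restricted catalog items from users who lack the matching role. The item-to-role map, its placeholder sys_ids and role names, and the `makeGs`/`makeQuery` stand-ins for the platform objects are assumptions constructed for illustration.

```javascript
// Hypothetical mapping: catalog item sys_id -> role required to work its RITMs.
// On a real instance this would come from a table or property; values are constructed.
const RESTRICTED_ITEMS = {
  item_hr_offboarding: 'x_hr_fulfiller',
  item_fw_change: 'x_netsec_fulfiller',
};

// Body of a "before query" business rule on sc_req_item.
// `current` is the GlideRecord being queried, `gs` is the GlideSystem object.
function restrictRitmQuery(current, gs) {
  if (gs.hasRole('admin')) {
    return; // administrators see every RITM
  }
  // Collect the restricted items whose required role the user does not hold.
  const hidden = Object.keys(RESTRICTED_ITEMS)
    .filter((item) => !gs.hasRole(RESTRICTED_ITEMS[item]));
  if (hidden.length > 0) {
    // Exclude RITMs raised for those catalog items from every query result.
    current.addQuery('cat_item', 'NOT IN', hidden.join(','));
  }
}

// Stand-ins for gs and current so the logic can be exercised outside an instance.
function makeGs(roles) {
  return { hasRole: (role) => roles.includes(role) };
}

function makeQuery() {
  const conditions = [];
  return {
    conditions,
    addQuery: (field, operator, value) => conditions.push([field, operator, value]),
  };
}

// Returns the catalog items whose RITMs a user with the given roles would not see.
function hiddenItemsFor(roles) {
  const query = makeQuery();
  restrictRitmQuery(query, makeGs(roles));
  return query.conditions.length ? query.conditions[0][2].split(',') : [];
}
```

A matching rule on `sc_task` would filter on the dot-walked field `request_item.cat_item` instead of `cat_item`.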

 


9 REPLIES

Its_Azar
Tera Guru

Hi there @tahnalos 

 

Yes, you can use Access Control Lists (ACLs) in ServiceNow to limit access to requested items based on the role of the user assigned to work on them. To restrict access to requested items based on the roles of users assigned to work on them, you can use Access Control Lists (ACLs) in ServiceNow.

By creating ACL rules targeting the `sc_req_item` table, you can specify conditions that limit access to these items based on the role field of the assigned user, such as the `assignment_group`. For example, you can configure the ACL to grant read, write, create, or delete access only to users with certain roles, while denying access to others. 

 

If this helps, kindly accept the response. Thanks much,





Kind Regards,

Mohamed Azarudeen Z

Developer @ KPMG

 Microsoft MVP (AI Services), India

But can we use the Role field on Categories to set up the ACL?  Or does the role field on any form have special characteristics?


I'll look at Data Filtration, it looks promising, and less messy.

I've been working with ServiceNow for almost 10 years now, and I have gotten good at crafting ACLs, so if there is a better way of doing it, I'm all for it.  Thanks.