New roles need access to everything within Incident app.

lawbantell
Kilo Explorer

Hello all, I created new roles and would like users with these roles to be able to see everything within the Incident app; we do not want them to have the "itil" role. I have added the new roles to the Incident app, but they are not seeing the records within the modules in Incident. Do I need to add the roles to all Incident rules in ACL? Please advise. Thank you.


Brad Tilton
ServiceNow Employee

I think you need to look at how the itil role interacts with both the incident and task tables, and duplicate or add to many of those ACLs.



What is the requirement here? Do you want to give access to a group of users while restricting access to other itil applications? It's sometimes easier to add a role and just restrict other modules outside of ACLs.


lawbantell
Kilo Explorer

The requirement is: Only Role_A and Role_B are the only two that can override auto populated/edit the impact, urgency and priority fields; it should be grayed out for ITIL role. ITIL_User role should be able to update, transfer, resolve and close records in their own assignment group. ITIL_User role should be able to add work notes / update in any open record, regardless of what assignment group the ticket is in. Service Desk should be able to transfer, resolve and close any record regardless of the assignment group.



I did the following:


Created Role_A role and Role_A group and assigned Role_A role to Role_A group


Created Role_B role and Role_B group and assigned Role_B role to Role_B group


Created UI Policies:


        Added the following UI Actions:
        Impact: Leave alone


        Urgency: Leave alone


Script:


Execute if true:


function onCondition() {
    // hasRoleExactly() is true only when the user holds the itil role itself
    var isItil = g_user.hasRoleExactly("itil");
    if (isItil) {
        // g_form.setReadOnly('priority', false);
        // Make impact and urgency read-only on the form
        g_form.setReadOnly('impact', true);
        g_form.setReadOnly('urgency', true);
    }
}


Did you ever get this working? I'm needing the same thing. I have a group that I want to be able to create incidents, but not many other things off the task table. I'm not able to find a simple way to get this working.


Hi Dione,



This can be done by creating ACLs for the group you're talking about on the operation create. As for securing specific fields, you'll need to configure the existing ACLs on the operation write.



More information about ACLs: http://wiki.servicenow.com/index.php?title=Using_Access_Control_Rules#gsc.tab=0



Kind regards,



Stijn
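
The requirement listed earlier in this thread, written as the server-side decision an ACL script would have to reach (in an ACL script the result is assigned to `answer`). This is an added example, not code from any poster or from ServiceNow; it matters because `g_form.setReadOnly` in a UI policy only changes the form in the browser, while ACLs are evaluated on the server. Assumptions: the role name `service_desk` is hypothetical, `canWrite` and `fakeGs` are illustrative names, and `gs` and `current` are constructed stand-ins so the logic runs under Node.

```javascript
// Fields that only Role_A / Role_B may override (from the stated requirement).
var TRIAGE_FIELDS = ['impact', 'urgency', 'priority'];

// Decision a write ACL script on incident would assign to `answer`.
// gs: session object exposing hasRole() and getUser().isMemberOf()
// current: the incident record; field: the field being written
function canWrite(gs, current, field) {
  // Only Role_A and Role_B may edit impact, urgency and priority.
  if (TRIAGE_FIELDS.indexOf(field) !== -1) {
    return gs.hasRole('Role_A') || gs.hasRole('Role_B');
  }
  // Service Desk (assumed role name) may transfer, resolve and close
  // any record, regardless of assignment group.
  if (gs.hasRole('service_desk')) {
    return true;
  }
  // Everything below applies to ITIL_User only; plain "itil" gets nothing here.
  if (!gs.hasRole('ITIL_User')) {
    return false;
  }
  // ITIL_User may add work notes to any open record.
  if (field === 'work_notes') {
    return String(current.active) === 'true';
  }
  // Other fields: only for records in the user's own assignment group.
  return gs.getUser().isMemberOf(String(current.assignment_group));
}

// Constructed stand-in for the platform's gs object (not ServiceNow code).
// Like the real gs.hasRole(), it answers true for any role if the user is admin.
function fakeGs(roles, groups) {
  return {
    hasRole: function (role) {
      return roles.indexOf(role) !== -1 || roles.indexOf('admin') !== -1;
    },
    getUser: function () {
      return { isMemberOf: function (g) { return groups.indexOf(g) !== -1; } };
    }
  };
}

// Constructed sample records.
var openIncident = { active: true, assignment_group: 'Network' };
var closedIncident = { active: false, assignment_group: 'Network' };
```

Each row of the requirement becomes one call, for example `canWrite(fakeGs(['ITIL_User'], ['Database']), openIncident, 'state')`, which gives a checklist to run against the real ACLs while impersonating a user in each role.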