Join the #BuildWithBuildAgent Challenge! Get recognized, earn exclusive swag, and inspire the ServiceNow Community with what you can build using Build Agent.  Join the Challenge.

Pending User Requests

Go to solution
Bill Bonnett
Kilo Expert

‎10-22-2014 01:16 AM

How can I make it so non-admins can approve user access requests? I want a specific group to only approve pending users without having to admins to do it. Any suggestions?

0 Helpfuls
  • 2,022 Views
1 ACCEPTED SOLUTION

Go to solution
marcguy
ServiceNow Employee
ServiceNow Employee
In response to Bill Bonnett

‎10-22-2014 02:26 AM

oh ok I just took a look at it, it's a new table and has no workflow so all you have to do really is modify the 2 UI Actions called 'Create User' and 'Reject'.



current condition is this:


current.state == "pending" && (gs.hasRole("admin") || gs.hasRole("user_admin"))



so user_admins also have the rights to do this but if you want another role of as you said a group do this:


current.state == "pending" && gs.isMemberOf('sys_id of your group in there');



Also you might need to check the ACLs on that user_registration_request to ensure those users can read/write to that table.



Alternatively you could just give that group the user_admin role and that's a much easier fix then?


View solution in original post

0 Helpfuls
5 REPLIES 5

Go to solution
marcguy
ServiceNow Employee
ServiceNow Employee

‎10-22-2014 01:23 AM

Is this a catalog item? if so you can build a workflow for that item and select that group in the group approval activity.



Service Catalog Workflows - ServiceNow Wiki


0 Helpfuls

Go to solution
Bill Bonnett
Kilo Expert
In response to marcguy

‎10-22-2014 01:55 AM

It's a built-in plugin - self-registration and I can only see where one must be an admin to approve the user's request.


0 Helpfuls

Go to solution
marcguy
ServiceNow Employee
ServiceNow Employee
In response to Bill Bonnett

‎10-22-2014 02:26 AM

oh ok I just took a look at it, it's a new table and has no workflow so all you have to do really is modify the 2 UI Actions called 'Create User' and 'Reject'.



current condition is this:


current.state == "pending" && (gs.hasRole("admin") || gs.hasRole("user_admin"))



so user_admins also have the rights to do this but if you want another role of as you said a group do this:


current.state == "pending" && gs.isMemberOf('sys_id of your group in there');



Also you might need to check the ACLs on that user_registration_request to ensure those users can read/write to that table.



Alternatively you could just give that group the user_admin role and that's a much easier fix then?


0 Helpfuls

Go to solution
Bill Bonnett
Kilo Expert
In response to marcguy

‎10-22-2014 03:39 AM

*SIGH* I didn't see "user_admin" so I thought "admin" which they are not. Thanks! Adding that role to those individuals did the trick! Thanks!


0 Helpfuls