Restricting Access to Tickets for Vendors and Internal Groups

Carl Fransen1
Tera Guru

Hi All,

We have a requirement to implement the below at my site:

  1. Restrict external vendors to only see/update tickets directly assigned to them.
  2. Restrict HR Cases, by HR Service, to a specific group in ServiceNow
    • Essentially the opposite logic to point 1 - disallow all except the group access to these Cases AND all other HR Cases.

I've requested the 'Explicit Roles' on our DEV server to determine if this will help with one, or both of the above.

We do not have the Vendor Performance module (unlikely to purchase anytime soon) so we can't use the 'Vendor Ticketing' plugin.

Keen to hear from anyone around the way they have implemented this, any pitfalls, suggestions, etc. would be appreciated.

1 ACCEPTED SOLUTION

Michael Fry1
Kilo Patron

1) A Query business rule for the vendors. I believe you can also do this with an ACL.


2) HR has its own roles. If the HR service group has the HR role, they can see HR tickets and report on them. Without the HR role, you can't see HR tickets and you can't report on the HR data.



2 REPLIES

Hi Michael,



Appreciate you assisting with this. I haven't started on the Vendor (or first issue) yet but I have fixed the HR one after starting with your suggestion and working from there.



Adding a new role specifically for a single table worked a treat - as I updated the 'read' ACL to include the role and no-one without this role could see the record. However this caused another issue - a customer (or end user), say a manager, who wants to log a confidential case, could log it, but then couldn't see it in the Portal at all - due to the role.



So what I had to do was modify the ACL to remove the role and update the condition to allow read if 'requester' is dynamic 'me' OR 'assignment group' is dynamic 'one of my groups'. This then allowed customers to log cases via the portal and continue to see them. The one thing that then came out of this was other HR team members with backend access could see their cases AND the 'work notes' which are supposed to be hidden. I fixed this by adding another 'read' ACL on the 'work notes' field based on the required role and that works a treat.



So thanks for your help with this - I'll hopefully work on the Vendor one soon...
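
The three read-ACL designs described in this thread (role only, requester-or-group condition, and that condition plus a role-gated 'work notes' field), modelled as an added example in plain JavaScript. It is not ServiceNow code and not from either poster; the role name, group names, field names and users are constructed for illustration.

```javascript
// Constructed model of the read-ACL designs discussed in the thread.
// Plain JavaScript, not ServiceNow API calls; all names below are hypothetical.
const HR_ROLE = 'hr_confidential_reader';

const users = {
  manager:   { id: 'u1', roles: [],        groups: [] },  // logs a case via the portal
  hrAgent:   { id: 'u2', roles: [HR_ROLE], groups: ['hr_confidential'] },
  bystander: { id: 'u3', roles: [],        groups: ['service_desk'] },
};

const hrCase = {
  requester: 'u1',
  assignment_group: 'hr_confidential',
  short_description: 'Confidential case',
  work_notes: 'Internal HR notes',
};

// Record-level read rules: the first attempt and the revised condition.
const recordAcl = {
  roleOnly: (user) => user.roles.includes(HR_ROLE),
  requesterOrGroup: (user, rec) =>
    rec.requester === user.id || user.groups.includes(rec.assignment_group),
};

// Field-level rule: when enabled, work_notes additionally requires the role.
function fieldAllowed(user, field, protectWorkNotes) {
  if (field !== 'work_notes' || !protectWorkNotes) return true;
  return user.roles.includes(HR_ROLE);
}

// A field is readable only if both the record rule and the field rule pass.
function readableFields(user, rec, design, protectWorkNotes) {
  if (!recordAcl[design](user, rec)) return [];
  return Object.keys(rec).filter((f) => fieldAllowed(user, f, protectWorkNotes));
}

// Access matrix for every sample user under one design.
function accessMatrix(design, protectWorkNotes) {
  const out = {};
  for (const [name, user] of Object.entries(users)) {
    out[name] = readableFields(user, hrCase, design, protectWorkNotes);
  }
  return out;
}

console.log(accessMatrix('roleOnly', false));         // requester locked out
console.log(accessMatrix('requesterOrGroup', false)); // requester can read work_notes
console.log(accessMatrix('requesterOrGroup', true));  // work_notes limited to the role
```

Running the same matrix against real test users after each ACL change is a quick way to catch both the lockout and the work-notes exposure before they reach the portal.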