The CreatorCon Call for Content is officially open! Get started here.

Share my reports with any user/group I like, but prevent them edit/delete/re-share my reports

Ozgur Baykal
Tera Contributor

‎11-28-2023 12:56 PM

How can I satisfy the following requirement ?
As an itil user, I'd like to be able to share the reports I created in ServiceNow with any "user" or "group" I choose, but the users I shared the reports should NOT be able to delete/edit/ or re-share my reports. Only report creator ( and the report_admin) should be able to delete/edit/or re-share reports.

1- With the standard 'report_global' role (which also inherits the 'report_user' role):

- Users able to create reports, but not able to share with any user/group they like. Only option they have is share with "everyone". (which is NOT good)

- When the report is shared with "everyone", users can not delete/edit/re-share those reports shared with them (which is good)

2- With the 'report_group' role (which also inherits the 'report_user' role ) :

- Users are able to create reports, and able to share with any "user"/"group" they like. (which is good)

- But, other users (the users who are those reports shared with) are able to delete/edit/re-share those reports that are shared with them ( which is NOT good)

How can we combine the "good" bullet points from 2 users roles described above.

 

0 Helpfuls
  • 1,939 Views
5 REPLIES 5

SanjivMeher
Kilo Patron
Kilo Patron

‎11-28-2023 01:08 PM

Can you just give them link to the published report?

I dont think a user would need any role to view the report. You can just share the report with the user and they can just view it. If the users have additional reporting roles, you mayn't have control on restricting sharing access.


Please mark this response as correct or helpful if it assisted you with your question.
0 Helpfuls

Ozgur Baykal
Tera Contributor
In response to SanjivMeher

‎11-28-2023 01:41 PM

Hello Sanjiv,

One quick detail: The users receiving these reports are also fulfillers ( or managers of the fulfillers). They need to have the necessary permissions (roles) to create and share their own reports too. So only the 'report_user' role is not sufficient. 
We don't like  giving the published report link for  two reasons:

1- The links are send to users via email ( scheduled report), and when they click the link ( first thing  in the morning without having an open ServiceNow instance ) they get an error message. If they try again it opens up the report, but it is not liked by our users.

2- The published reports do not have hyperlinks to allow users click on them and open the record.

Therefore, unfortunately we had to share the "edit report" view link.  

 

0 Helpfuls

SanjivMeher
Kilo Patron
Kilo Patron
In response to Ozgur Baykal

‎11-28-2023 01:55 PM

I suppose those fulfillers should only have report_group role.

Based on the documentation, if it is shared to their group, users in that group will have access to manage the report. Do you share those reports to their group or to individuals or to a particular role. If to a particular role, they mayn't have access to delete.

SanjivMeher_0-1701208348065.png

The documentation has only few roles, so you dont really have much control on who can manage the reports.

https://docs.servicenow.com/bundle/vancouver-now-intelligence/page/use/reporting/reference/reporting...

 


Please mark this response as correct or helpful if it assisted you with your question.
0 Helpfuls

Ozgur Baykal
Tera Contributor
In response to SanjivMeher

‎11-29-2023 06:10 AM

The users that I am talking  about are all IT people (fulfillers) in our company and we all want them to be able to create their own reports and allow them to share their reports to the 'groups' or 'users' of their choice. It's not just me (report admin) creating reports and sharing to others. Everyone in our IT department should be able to this.
When we give them 'report_group' role, yes they can do that. But, their reports can be accidentally deleted or edited by the other users that the report was shared with, because they have the 'report_group' role too. It is not good.

I believe the solution to my problem is:

1- Give 'report_group' role to all my IT people (fulfillers and their managers )
2- Customize the "Edit report" view to prevent the logged in user delete/edit/re-share the report, if the logged in user is NOT the 'report_admin' or the 'creator of that report'. I believe this might be accomplished by disabling the following buttons on that view with that given condition:

- 'Delete report' button

- 'Save' and 'Update' buttons

- 'Share' button

With this post, I was hoping to get some guidance on how to do that step 2. Or, I am open for other suggestions too.

0 Helpfuls