Share my reports with any user/group I like, but prevent them edit/delete/re-share my reports
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-28-2023 12:56 PM
How can I satisfy the following requirement ?
As an itil user, I'd like to be able to share the reports I created in ServiceNow with any "user" or "group" I choose, but the users I shared the reports should NOT be able to delete/edit/ or re-share my reports. Only report creator ( and the report_admin) should be able to delete/edit/or re-share reports.
1- With the standard 'report_global' role (which also inherits the 'report_user' role):
- Users able to create reports, but not able to share with any user/group they like. Only option they have is share with "everyone". (which is NOT good)
- When the report is shared with "everyone", users can not delete/edit/re-share those reports shared with them (which is good)
2- With the 'report_group' role (which also inherits the 'report_user' role ) :
- Users are able to create reports, and able to share with any "user"/"group" they like. (which is good)
- But, other users (the users who are those reports shared with) are able to delete/edit/re-share those reports that are shared with them ( which is NOT good)
How can we combine the "good" bullet points from 2 users roles described above.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-28-2023 01:08 PM
Can you just give them link to the published report?
I dont think a user would need any role to view the report. You can just share the report with the user and they can just view it. If the users have additional reporting roles, you mayn't have control on restricting sharing access.
Please mark this response as correct or helpful if it assisted you with your question.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-28-2023 01:41 PM
Hello Sanjiv,
One quick detail: The users receiving these reports are also fulfillers ( or managers of the fulfillers). They need to have the necessary permissions (roles) to create and share their own reports too. So only the 'report_user' role is not sufficient.
We don't like giving the published report link for two reasons:
1- The links are send to users via email ( scheduled report), and when they click the link ( first thing in the morning without having an open ServiceNow instance ) they get an error message. If they try again it opens up the report, but it is not liked by our users.
2- The published reports do not have hyperlinks to allow users click on them and open the record.
Therefore, unfortunately we had to share the "edit report" view link.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-28-2023 01:55 PM
I suppose those fulfillers should only have report_group role.
Based on the documentation, if it is shared to their group, users in that group will have access to manage the report. Do you share those reports to their group or to individuals or to a particular role. If to a particular role, they mayn't have access to delete.
The documentation has only few roles, so you dont really have much control on who can manage the reports.
Please mark this response as correct or helpful if it assisted you with your question.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-29-2023 06:10 AM
The users that I am talking about are all IT people (fulfillers) in our company and we all want them to be able to create their own reports and allow them to share their reports to the 'groups' or 'users' of their choice. It's not just me (report admin) creating reports and sharing to others. Everyone in our IT department should be able to this.
When we give them 'report_group' role, yes they can do that. But, their reports can be accidentally deleted or edited by the other users that the report was shared with, because they have the 'report_group' role too. It is not good.
I believe the solution to my problem is:
1- Give 'report_group' role to all my IT people (fulfillers and their managers )
2- Customize the "Edit report" view to prevent the logged in user delete/edit/re-share the report, if the logged in user is NOT the 'report_admin' or the 'creator of that report'. I believe this might be accomplished by disabling the following buttons on that view with that given condition:
- 'Delete report' button
- 'Save' and 'Update' buttons
- 'Share' button
With this post, I was hoping to get some guidance on how to do that step 2. Or, I am open for other suggestions too.