View Change Request without granting any roles

Arjun Sreekumar
Tera Contributor

Hello,

Hope you are doing well. 
I have a requirement. Let's assume a user 'A' who does not have any roles assigned to him.
For Change Requests, a weekly notification is triggered that includes the list of changes that are scheduled/implemented for the week. The notification is set to trigger to a DL that user 'A' is part of.
When the user clicks on one of the change requests, it does not show any details.

Please let me know if there is a workaround that grants the user access to view the change record information.

 

Regards,

Arjun

 


Sandeep Rajput
Tera Patron

@Arjun Sreekumar You can add the members of the DL to the watch list to allow them to have access to the change request.

Community Alums
Not applicable

Hi @Arjun Sreekumar ,

The issue occurs because user A does not have any roles assigned and lacks the necessary permissions to view the details of the change request. ServiceNow enforces role-based access control (RBAC), meaning users must have the required roles to access certain records or modules.

Here’s how you can address this:


Solution 1: Use Publicly Accessible Change Request Records

  1. Modify ACLs (Access Control Rules):

    • Go to System Security > Access Control (ACL).
    • Locate the ACL for the change_request table (read operation).
    • Create a new ACL for read permission, or modify an existing one to allow users without roles to read specific change request records.
    • Example condition:
      gs.getUserName() == "A" || gs.getUser().isMemberOf("Change Notification Group")
      This ensures that user A or members of the specific group can access the change records.
    • Be cautious when modifying ACLs; ensure you limit access only to required records.
  2. Use a Script Include/Business Rule for Specific Access:

    • If you need granular control, create a Script Include or Business Rule to check conditions dynamically for the users or group. Allow access only to records that match specific conditions (like scheduled or implemented changes).

Solution 2: Enable Read Permissions via Roles

  1. Assign a Limited Role to User A:
    • Create a custom role (e.g., change_readonly).
    • Assign this role to user A.
    • Update the ACL for change_request to allow users with the change_readonly role to view the change requests.
    • This ensures that user A can read the records without having full access to other change management functionalities.

Solution 4: Create a Shared Dashboard

  1. Create a Dashboard:

    • Use the Report or Dashboard functionality to show scheduled/implemented changes for the week.
    • Share the dashboard with the DL group so that all members, including user A, can view the report.
  2. Embed the Dashboard in Notifications:

    • Include a link to the shared dashboard in the notification instead of linking to individual change requests.
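
The read check from Solution 1, as an added example that is not part of the original answer or of ServiceNow's own code: it grants access by group membership only, and only for the scheduled/implemented records the notification lists. The state values -2 and -1, the function name `canReadChange` and the mock `gs`/`current` objects are assumptions for illustration; confirm the state values against the instance's own choice list.

```javascript
// Added example: read-ACL decision for change_request, written as a plain
// function so it can run outside an instance. In an ACL script the body
// would end with `answer = canReadChange(gs, current);`.
// Assumptions: the group name is the one used in the answer above; state
// values -2 (Scheduled) and -1 (Implement) are assumed defaults and must
// be checked against the instance's own change_request choice list.
var NOTIFY_GROUP = 'Change Notification Group';
var READABLE_STATES = ['-2', '-1'];

function canReadChange(gs, current) {
  // Group membership, not a hard-coded user name: removing someone from
  // the group removes their access without editing the ACL.
  if (!gs.getUser().isMemberOf(NOTIFY_GROUP)) {
    return false;
  }
  // Limit the grant to the records the weekly notification lists.
  return READABLE_STATES.indexOf(String(current.getValue('state'))) !== -1;
}

// Constructed stand-ins for gs and current, so the function runs offline.
function mockGs(groups) {
  return { getUser: function () {
    return { isMemberOf: function (g) { return groups.indexOf(g) !== -1; } };
  } };
}
function mockRecord(fields) {
  return { getValue: function (name) {
    return fields.hasOwnProperty(name) ? fields[name] : null;
  } };
}

// Constructed cases: a group member and a non-member against two states.
function demo() {
  var member = mockGs([NOTIFY_GROUP]);
  var outsider = mockGs([]);
  return {
    memberScheduled: canReadChange(member, mockRecord({ state: '-2' })),
    memberNew: canReadChange(member, mockRecord({ state: '-5' })),
    outsiderScheduled: canReadChange(outsider, mockRecord({ state: '-2' }))
  };
}
```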

Arjun Sreekumar
Tera Contributor

@Community Alums Thank you for the update.
It did work to an extent, but the challenge now is that when the custom roles are granted and the user clicks on the email communication link to access a change request, it navigates the user to the UI. The expectation is that the user will be able to see the change details in the Employee Center page.