We need to make user profile read only to anyone who does NOT have admin role on all instances

Ranjana Girotra
Tera Contributor
 

Satyapriya
Mega Sage

Hi Ranjana,

You have to create a Read ACL for the sys_user table.

You can make it a table-level ACL, i.e. you have to provide the table name.

You can give the admin role to the ACL.

No need to write a script.

Satyapriya
Mega Sage

Hi Ranjan,

Is it helpful to you? If yes, then mark it as the solution.

Chaitali_Vale
Mega Sage

Hello @Ranjana Girotra,

In ServiceNow, you can make a user profile read-only for users who don't have an admin role by configuring ACLs (Access Control Lists). Here's a general outline of the steps:

1. Identify the Profile Table: Determine which table holds the user profiles. Common tables for user profiles include "sys_user".

2. Create a New ACL: Go to "System Security" > "Access Control" > "Roles." Create a new ACL record. In this record, specify the table (from step 1) that you want to make read-only, and set the operation to "Read."

3. Specify Conditions: In the ACL record, under the "Conditions" tab, define a condition that checks whether the user has the admin role or not. You can use the "user_has_role" function to do this. For example:

```javascript
gs.hasRole('admin')
```

This condition will return true if the user has the admin role.

4. Set the Script: Under the "Script" tab of the ACL record, you can specify a script that should run when the condition from step 3 is false (i.e., when the user doesn't have the admin role). In this script, you can restrict access to the profile fields by using the current object. For example:

```javascript
if (!gs.hasRole('admin')) {
    current.setReadOnly(true);
}
```

This script sets the current record (the user profile) to read-only if the user doesn't have the admin role.

5. Activate the ACL: Ensure the ACL is active by checking the "Active" box in the ACL record.

6. Test: Test the configuration by logging in with a user who doesn't have an admin role and verifying that they can only read the user profile but not modify it.

 

Please mark my solution correct or helpful, if applicable.
Thanks & Regards,

Chaitali Vale

Amit Gujarathi
Giga Sage

Hi @Ranjana Girotra,
I trust you are doing great.

To make the user profile read-only for anyone without the admin role across all instances in ServiceNow, you can follow these steps:

  1. Navigate to the User Table: Go to the sys_user table, where the user profiles are stored.

  2. Update the Access Control Rules:

    • Create or modify an Access Control Rule (ACL) for the sys_user table.
    • Set the Operation to Write.
    • In the Requires Role field, add the admin role.
    • In the Condition field, you can specify any additional conditions if required.
    • Save the ACL.
  3. Test the Configuration:

    • Log in with a non-admin user and try to modify a user profile. The changes should be restricted, and the profile should appear read-only.

Was this answer helpful?

Please consider marking it correct or helpful.

Your feedback helps us improve!

Thank you!


Regards,


Amit Gujrathi
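
The replies above differ on whether the new rule should be a Read or a Write ACL. The following is an added example, not code from any poster or from ServiceNow: a simplified model of ACL evaluation run over constructed rules, comparing an admin-only write rule, an admin-only read rule, and the case where a second write rule on the same table still passes. `makeGs`, `rulePasses`, `canAccess`, `accessReport`, the sample rules and the `sys_id` values are hypothetical, and default deny for unmatched operations is an assumption.

```javascript
// Added example: simplified model of ACL evaluation, not ServiceNow platform code.
// A rule passes only if its role, condition and script checks all pass;
// access is granted if ANY active rule for the same table and operation passes.
function makeGs(user) { // minimal stand-in for the server-side gs object
  return {
    hasRole: (role) => user.roles.includes(role),
    getUserID: () => user.sys_id,
  };
}

function rulePasses(rule, user, current) {
  const gs = makeGs(user);
  const roleOk = rule.roles.length === 0 || rule.roles.some((r) => gs.hasRole(r));
  const conditionOk = rule.condition ? rule.condition(current) : true;
  // script() stands for the value a real ACL script assigns to `answer`
  const scriptOk = rule.script ? rule.script(gs, current) === true : true;
  return roleOk && conditionOk && scriptOk;
}

function canAccess(acls, operation, user, current) {
  // Assumption: default deny when no active rule matches the operation.
  return acls
    .filter((a) => a.active && a.table === 'sys_user' && a.operation === operation)
    .some((rule) => rulePasses(rule, user, current));
}

function accessReport(acls, user, current) {
  return {
    read: canAccess(acls, 'read', user, current),
    write: canAccess(acls, 'write', user, current),
  };
}

// Constructed rules and users (hypothetical sys_id values).
const rule = (operation, roles, script) =>
  ({ table: 'sys_user', operation, roles, script, active: true });
const readAll = rule('read', []);
const readAdminOnly = rule('read', ['admin']);
const writeAdminOnly = rule('write', ['admin']);
const writeOwnRecord = rule('write', [], (gs, current) => current.sys_id === gs.getUserID());

const admin = { sys_id: 'a1', roles: ['admin'] };
const agent = { sys_id: 'u1', roles: ['itil'] };
const ownProfile = { sys_id: 'u1' };

console.log('write ACL, admin only:', accessReport([readAll, writeAdminOnly], agent, ownProfile));
console.log('read ACL, admin only: ', accessReport([readAdminOnly], agent, ownProfile));
console.log('second write ACL left:', accessReport([readAll, writeAdminOnly, writeOwnRecord], agent, ownProfile));
```

On a real instance, review every active write ACL that matches sys_user before relying on a newly added rule, then repeat the non-admin test from the thread.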