Why does the Read Only role, snc_read_only, allow editing sys_user_preference table?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎07-26-2017 03:14 PM
In my custom SN developer instance https://dev20752.service-now.com/ as well as any new instance spun up, I am able to go to the "User Preferences" menu and edit fields directly if admin and snc_read_only is applied. This seems to be a counter to what the Wiki article at http://wiki.servicenow.com/index.php?title=ServiceNow_Read_Only_Role says "Once you assign this role to a user, they can no longer can create, update, or delete records on ANY tables."
Any thoughts? is this a bug? is this intended?
And finally is there a way to correct for this?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎07-27-2017 07:09 AM
Hi Matt,
I believe the context here means roles such as metric_admin ,rota_admin or report_admin, not the "ADMIN" himself. But definitely this needs more insight..
kalai thoughts?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎07-27-2017 08:22 AM
I should mention this was while logged in as an admin with both roles applied. All other tables I tested (would be hard to test them all) do not have edit rights even with logged in with admin + read only roles. When you try to edit another table value you get something like "Security prevents writing to this field."
So why would admin override work on only this one table sys_user_preference but not other tables? Either way that sounds like a design flaw or at least is misrepresented in the documentation for that plugin/role.
