Please explain the service table.

M_Tomy · 4 時間前

Dear Experts

1. Prerequisites
・The “System Name” in operation is registered as “cmdb_ci_service”.
・Employee users have been assigned the “cmdb_read” role.
・ACLs for “cmdb_ci_service” grant the “cmdb_read” role read permissions.

2. Desired Outcome
・We want to enable selecting the “System Name” for which we wish to request work from the service table within catalog items.
The specification involves making the variable a reference type to retrieve and set values from the service table.

・The value of the catalog item variable (service name) will be stored in the “Service” field of the Request Table's out-of-the-box (OOTB) items via a flow.

3. Consultation
While considering the above, the CMDB team pointed out that “cmdb_ci_service” is a table intended for CMDB administrators and IT operations staff. They suggested that granting the “cmdb_read” role to employee users might not be advisable.

Therefore, my questions are:

Questions
① Is it inappropriate to grant the “cmdb_read” role to employee users?
② If we wish to implement the above, are there any recommended implementations from ServiceNow?
③ Are there other suitable alternatives for this scenario, such as referencing “cmdb_ci_service” or “cmdb_ci_service_business”?
※ Note: Records in “cmdb_ci_service_business” are currently empty.

Thank you in advance.

Mark Manders · 53 分前

If you need those services to be selectable, you will grant your end users the rights to read the 'name' field of that table. You don't have to grant them the cmdb_read role (that could have serious license impact), but you do need to add a read acl to that field, so they can read it. You can just add a security attribute like isLoggedIn, or something like that while creating the ACL on the field.

Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark