Please explain the service table.

M_Tomy
Tera Expert

Dear Experts


1. Prerequisites
・The “System Name” in operation is registered as “cmdb_ci_service”.
・Employee users have been assigned the “cmdb_read” role.
・ACLs for “cmdb_ci_service” grant the “cmdb_read” role read permissions.


2. Desired Outcome
・We want to enable selecting the “System Name” for which we wish to request work from the service table within catalog items.
The specification involves making the variable a reference type to retrieve and set values from the service table.


・The value of the catalog item variable (service name) will be stored in the “Service” field of the Request Table's out-of-the-box (OOTB) items via a flow.





3. Consultation
While considering the above, the CMDB team pointed out that “cmdb_ci_service” is a table intended for CMDB administrators and IT operations staff. They suggested that granting the “cmdb_read” role to employee users might not be advisable.

Therefore, my questions are:


Questions
① Is it inappropriate to grant the “cmdb_read” role to employee users?
② If we wish to implement the above, are there any recommended implementations from ServiceNow?
③ Are there other suitable alternatives for this scenario, such as referencing “cmdb_ci_service” or “cmdb_ci_service_business”?
※ Note: Records in “cmdb_ci_service_business” are currently empty.


Thank you in advance.

3 replies

Mark Manders
Mega Patron

If you need those services to be selectable, you will grant your end users the rights to read the 'name' field of that table. You don't have to grant them the cmdb_read role (that could have serious license impact), but you do need to add a read ACL to that field, so they can read it. You can just add a security attribute like isLoggedIn, or something like that, while creating the ACL on the field.


Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark

@Mark Manders 

Thank you for your reply.

I did consider ACLs for the field, but I want to determine the optimal solution considering how we plan to utilize CMDB-related tables going forward, including for employee users.

Incidentally, I checked the “license_role” table and saw that ‘cmdb_read’ has the role type “Requester.” Does this affect licensing?

Thank you in advance.

Any question related to licensing can only be answered by ServiceNow, because they have as many different contracts as they have customers. 'Requester' isn't usually licensed, but do check on that. 
But: cmdb_read will allow access to the cmdb records and will probably show more than you need for end users. 


Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark