Dear Experts
1. Prerequisites
・The “System Name” in operation is registered as “cmdb_ci_service”.
・Employee users have been assigned the “cmdb_read” role.
・ACLs for “cmdb_ci_service” grant the “cmdb_read” role read permissions.
2. Desired Outcome
・We want to enable selecting the “System Name” for which we wish to request work from the service table within catalog items.
The specification involves making the variable a reference type to retrieve and set values from the service table.
・The value of the catalog item variable (service name) will be stored in the “Service” field of the Request Table's out-of-the-box (OOTB) items via a flow.
3. Consultation
While considering the above, the CMDB team pointed out that “cmdb_ci_service” is a table intended for CMDB administrators and IT operations staff. They suggested that granting the “cmdb_read” role to employee users might not be advisable.
Therefore, my questions are:
Questions
① Is it inappropriate to grant the “cmdb_read” role to employee users?
② If we wish to implement the above, are there any recommended implementations from ServiceNow?
③ Are there other suitable alternatives for this scenario, such as referencing “cmdb_ci_service” or “cmdb_ci_service_business”?
※ Note: Records in “cmdb_ci_service_business” are currently empty.
Thank you in advance.
