Customize Permissions for Demand Workbench
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-25-2017 01:32 PM
Hello,
Is it possible to change/modify the Roles required for a user to view/interact with the Demand workbench? As things currently stand the only way for a user to access the Demand Workbench is for them to have both the 'it_demand_manager' and 'demand_manager' roles. We would like to have more control over what Demand Managment users have access to, but want to avoid making changes to OOB roles such as demand_manager.
Ideally we would like to create a set of custom Roles such that we can give users access to Demand Management and the Workbench, but retain the ability to restrict other permissions (i.e. delete, etc). Is this possible?
Thanks.
- Labels:
-
Security Operations
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-25-2017 02:16 PM
Hi Alex,
You should be able to control access to workbench using the basic controls on Servicenow platform, such as
- ACLs: Access control rules
- UI Policies: Create a UI policy
- Client Scripts: Client scripts
- Data Policies: Data policy
I would start with ACLs.
You can create new roles to work along with the OOB 'it_demand_manager' and 'demand_manager'. After you create the new role you can use it on ACLs, and other pages where you can control the users access.
Since you do not want to change OOB configuration, you could find the OOB ACLs for the workbench tables use 'Insert and Stay' functionality (right click on the ACL form header and select 'Insert and Stay') after making changes on them.
Let me know if perhaps I misunderstood your question.
Best
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-07-2017 01:18 PM
This issue is currently I cannot get my users to view the demand workbench unless they have the 'demand_manager' role, users without that role see the following when they try to open the workbench:
YOU DO NOT HAVE SUFFICIENT PRIVILEGES TO VIEW THE DEMAND WORKBENCH
To use Demand Workbench, please contact your system administrator
. I have created alternate roles as you suggested and defined ACLs, but unless the user has the OOB demand_manager role it seems like they cannot view the demand workbench. This is a pretty key roadblock to what I would like to accomplish since the workbench is a fairly integral part of Demand/Project management.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-17-2018 02:38 PM
Did you ever find a solution to this? I am looking to do something similar.
Thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-18-2018 06:12 AM
Unfortunately not. It's been a while since I looked at this but if I remember correctly there was a hardcoded check for the demand_manager role somewhere in the Workbench code. I believe there's an enhancement related to this floating around somewhere but I have not heard any updates about it since.
