Looking for Best Practice - ITIL User and separate their view

a month ago
ServiceNow was purchased for our IT Department. As other departments within the same organization started to see the advantage of using ServiceNow for their daily processes, they are now wanting access.
What is the Best Practice to be able to give other departments ITIL Access but limit their View?
IT Department only see IT Related Incidents
HR Department and a few IT Department only see those Incidents
Operational Department only sees Operational Related Incidents
I know using ACL and Business Rule is how, but is there another way or a best practice I should follow?
Can I make an ACL multi-purpose based on Role?
Or a Business Rule multi-purpose based on the Role?
I want to streamline in a way that I am not building a lot of ACLs or Business Rules for each Department to limit their view.
a month ago
Hi @Mark Lanning
You may try these steps:
Use Roles to Define Access
Create roles for each department, e.g., it_department, hr_department, ops_department.
Assign these roles to users based on their department.
Create a Single ACL with a Script
Instead of one ACL per department, create a single ACL on the Incident table that uses a script to check the user’s role and department.
Example logic:
// ACL script for read access on incident
var dept = current.department.name; // or another field to identify department
if (gs.hasRole('it_department') && dept == 'IT') {
    answer = true;
} else if (gs.hasRole('hr_department') && dept == 'HR') {
    answer = true;
} else if (gs.hasRole('ops_department') && dept == 'Operations') {
    answer = true;
} else {
    answer = false;
}
This way, one ACL handles multiple departments dynamically.
Optional: Use Data Segmentation (Scoped Lists or Assignment Groups)
Instead of relying purely on department names, you can use assignment groups or custom fields to mark which incidents belong to which department.
The ACL script can then check those fields instead of hard-coded names.
Keep Business Rules for Logic, Not Security
Use Business Rules for automatic assignments, notifications, or other processes.
Avoid using BRs to restrict visibility; ACLs are the proper mechanism for security.
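The single ACL from the reply above in table-driven form, as an added example that is not part of the original thread: one role-to-segment map replaces the if/else chain, unclassified records are denied, and a small matrix shows who would see which incident. The role names come from the reply; the segment values, the helper names (canReadIncident, fakeGs, visibilityMatrix) and the sample users and incidents are assumptions constructed for illustration.

```javascript
// Added example, not from the thread. A test double stands in for the platform's gs.
// Role names are from the reply; the segment values are assumed.
var ROLE_TO_SEGMENT = { it_department: 'IT', hr_department: 'HR', ops_department: 'Operations' };

// Deny by default: readable only when a role the user holds maps to the
// record's segment. Blank or unmapped segments are never readable.
function canReadIncident(gs, segment, roleMap) {
    var seg = (segment === null || segment === undefined) ? '' : String(segment);
    if (seg === '') return false;
    return Object.keys(roleMap).some(function (role) {
        return roleMap[role] === seg && gs.hasRole(role);
    });
}
// ACL script field equivalent (field as in the reply):
//   answer = canReadIncident(gs, current.department.name, ROLE_TO_SEGMENT);

// Test double for GlideSystem; like gs.hasRole(), it returns true for admins.
function fakeGs(roles) {
    return { hasRole: function (r) {
        return roles.indexOf(r) !== -1 || roles.indexOf('admin') !== -1;
    } };
}

// Constructed sample data.
var USERS = {
    it_tech: ['it_department'],
    hr_partner: ['hr_department'],
    it_hr_liaison: ['it_department', 'hr_department'], // one of the "few IT" who also see HR
    ops_lead: ['ops_department'],
    contractor: []
};
var INCIDENTS = [
    { number: 'INC0000001', segment: 'IT' },
    { number: 'INC0000002', segment: 'HR' },
    { number: 'INC0000003', segment: 'Operations' },
    { number: 'INC0000004', segment: '' },           // never classified
    { number: 'INC0000005', segment: 'Facilities' }  // no role maps to it
];
// Who-sees-what matrix for reviewing the segmentation before deployment.
function visibilityMatrix(users, incidents, roleMap) {
    var out = {};
    Object.keys(users).forEach(function (u) {
        var gs = fakeGs(users[u]);
        out[u] = incidents
            .filter(function (i) { return canReadIncident(gs, i.segment, roleMap); })
            .map(function (i) { return i.number; });
    });
    return out;
}
```

Because the platform's gs.hasRole() also returns true for admin users, admins pass the check for every mapped segment but are still denied on blank or unmapped ones.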
a month ago
Greetings!!
I am a BPC and get these types of issues day in, day out; happy to share my thoughts.
IT Department only see IT Related Incidents
--> In common cases, set the Group type as IT so that incidents can only be assigned to IT support.
HR Department and a few IT Department only see those Incidents
--> What does "those tickets" mean here?
Operational Department only sees Operational Related Incidents
--> How will you determine if it is an operational issue? Do you have any subcategory or flag in the incident record to classify this? For example, if my laptop is not working and I belong to the HR department, how do you decide whether it is an IT issue or an operational issue?
So first, we need to decide and define how we are going to bifurcate the issue based on the department. Are you suggesting that using the user’s department will help clarify which department the incident belongs to? Another possible solution could be using ACLs, where we can restrict visibility so that a group can only see incidents assigned to their own group and not to others.
If my response proves useful, please indicate its helpfulness by selecting "Accept as Solution" and "Helpful." This action benefits both the community and me.
Regards
Dr. Atul G. - Learn N Grow Together
ServiceNow Techno - Functional Trainer
LinkedIn: https://www.linkedin.com/in/dratulgrover
YouTube: https://www.youtube.com/@LearnNGrowTogetherwithAtulG
Topmate: https://topmate.io/atul_grover_lng [ Connect for 1-1 Session]
a month ago
My POV - Start simple by utilizing -
- sn_incident_read
- sn_incident_write
Roles; see which department needs which Role. Create assignment groups and separate views for all departments. Set their default views and view rules. Observe this approach for a few days, and if you think things are not working as they should be, then you can move to ACLs and other approaches.
If my answer helped you in any way, please mark it as solution accepted.
Regards,
Nikhil Bajaj