Delegate ability to edit Group Membership but not create new groups or assign roles to groups

sbailey1
Tera Contributor

Rather than have group membership controlled centrally, I'd like to allow members of a specific group (my site managers) to be able to edit the membership of groups they own. However, I want to prevent them from adding new groups or changing the roles associated with the groups they own.

I'm new to Service-now and do not know the options or level of difficulty involved. Any suggestions or insights would be greatly appreciated.

Thanks!

3 REPLIES

Not applicable

You would need to use ACL (contextual security) to accomplish this. The good news is that group memberships are recorded in a separate table from the sys_group table. So you can allow users (group manager) to edit the membership whilst preventing them from manipulating the higher level group table. It's reasonably advanced stuff but can be achieved, I think.


We are in the process of migrating to Service-Now and would like to have the same type of functionality in group administration. We will have a core set of groups and roles that will be used for security and access within Service-Now. However, we want group managers/supervisors to have the ability to add/remove users from a specific assignment group. Has anyone completed something like this in SNC? Thanks.


Rick Mann
Tera Expert

I'm not sure if you still need this info, but we did the same thing:

We created a module called "My Group(s) Members" that displayed a list of records. We filter the group manager with javascript:gs.getUserID(), then run the argument below. You also have to turn off some of the list control items like breadcrumbs and edit. Hope this helps.


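function GroupDisplayFilter() {
    // Users who hold roles, including itil, get "true"; everyone else gets "false"
    if (gs.getUser().hasRoles() && gs.hasRole("itil"))
        answer = "true";
    else
        answer = "false";

    // Admins always get "true"
    if (gs.hasRole("admin"))
        answer = "true";

    return answer;
}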
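
The ACL approach suggested in the first reply, modelled as an added example that is not code from any post in this thread: managers may change membership rows only for groups they manage, while group records and group role grants stay admin-only. The `gs` stand-in, the helper names and the sample ids are constructed for illustration; `sys_user_grmember`, `sys_user_group` and `sys_group_has_role` are the ServiceNow tables for membership, groups and group roles.

```javascript
// Constructed sample groups standing in for sys_user_group rows (ids are made up).
const GROUPS = new Map([
  ["grp_site_a", { manager: "usr_alice" }],
  ["grp_site_b", { manager: "usr_bob" }],
]);

// Stand-in for the two `gs` calls used in this thread; admin passes every role check.
function makeGs(userId, roles) {
  return {
    getUserID: () => userId,
    hasRole: (role) => roles.includes("admin") || roles.includes(role),
  };
}

// True only when the session user is the manager of the referenced group.
function managesGroup(gs, groupId) {
  const group = GROUPS.get(groupId);
  return group !== undefined && group.manager === gs.getUserID();
}

// Hypothetical model of the rule set. `current` is the row after the change,
// `previous` the row before it (null on create and delete).
function aclAllows(gs, table, operation, current, previous) {
  if (gs.hasRole("admin")) return true;
  if (operation === "read") return true; // assumption: reads stay open to everyone
  // Creating groups or touching the roles on a group is never delegated.
  if (table !== "sys_user_grmember") return false;
  if (!managesGroup(gs, current.group)) return false;
  // An update must not pull a membership row out of a group the user does not manage.
  if (operation === "write" && previous && !managesGroup(gs, previous.group)) return false;
  return true;
}

// Constructed sessions: a site manager with itil, and an administrator.
const alice = makeGs("usr_alice", ["itil"]);
const root = makeGs("usr_root", ["admin"]);
const row = (group) => ({ group: group, user: "usr_carol" });

console.log(aclAllows(alice, "sys_user_grmember", "create", row("grp_site_a"), null));
console.log(aclAllows(alice, "sys_user_grmember", "create", row("grp_site_b"), null));
console.log(aclAllows(alice, "sys_user_group", "create", {}, null));
console.log(aclAllows(root, "sys_user_group", "create", {}, null));
```

In an actual ACL script on the membership table the ownership test is the dot-walked comparison of `current.group.manager` with `gs.getUserID()`; the model above adds the check on the previous group so an update cannot re-home someone else's membership row.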