Delegate ability to edit Group Membership but not create new groups or assign roles to groups

sbailey1 · ‎06-03-2009

Rather than have group membership controlled centrally, I'd like to allow members of a specific group (my site managers) to be able to edit the membership of groups they own. However, I want to prevent them from adding new groups or changing the roles associated with the groups they own.

I'm new to Service-now and do not know the options or level of difficulty involved. Any suggestions or insights would be greatly appreciated.

Thanks!

Report Inappropriate Content · ‎06-25-2009

You would need to use ACL (contextual security) to accomplish this. The good news is that group memberships are recorded in a separate table from the sys_group table. So you can allow users (group manager) to edit the membership whilst preventing them manipulating the higher level group table. It reasonably advanced stuff but can be achieved I think.

Rick Mann · ‎10-22-2009

We are in the process of migrating to Service-Now and would like to have the same type of functionality in group administration. We will have a core set of groups and roles that will be used for security and access within Service-Now. However, we want to have group managers/supervisors to have the ability to add/remove users from a specific assignment group. Has anyone completed something like this in SNC? Thanks.

Rick Mann · ‎02-02-2010

I'm not sure if you still need this info, but we did the same thing:

We created a module called "My Group(s) Members" that displayed a list of records. We filter the group manager with javascript:gs.getUserID(), then run the arguement below. You also have to turn off some of the list control items like breadcrumbs and edit. Hope this helps.

function GroupDisplayFilter() {
if (gs.getUser().hasRoles() && gs.hasRole("itil"))
answer = "true";
else
answer = "false";

if (gs.hasRole("admin"))
answer = "true";

return answer;

}