Delegate ability to edit Group Membership but not create new groups or assign roles to groups
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎06-03-2009 07:50 PM
Rather than have group membership controlled centrally, I'd like to allow members of a specific group (my site managers) to be able to edit the membership of groups they own. However, I want to prevent them from adding new groups or changing the roles associated with the groups they own.
I'm new to Service-now and do not know the options or level of difficulty involved. Any suggestions or insights would be greatly appreciated.
Thanks!
- Labels:
-
Orchestration (ITOM)
-
Service Mapping

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎06-25-2009 03:42 PM
You would need to use ACL (contextual security) to accomplish this. The good news is that group memberships are recorded in a separate table from the sys_group table. So you can allow users (group manager) to edit the membership whilst preventing them manipulating the higher level group table. It reasonably advanced stuff but can be achieved I think.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎10-22-2009 10:18 AM
We are in the process of migrating to Service-Now and would like to have the same type of functionality in group administration. We will have a core set of groups and roles that will be used for security and access within Service-Now. However, we want to have group managers/supervisors to have the ability to add/remove users from a specific assignment group. Has anyone completed something like this in SNC? Thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-02-2010 08:08 AM
I'm not sure if you still need this info, but we did the same thing:
We created a module called "My Group(s) Members" that displayed a list of records. We filter the group manager with javascript:gs.getUserID(), then run the arguement below. You also have to turn off some of the list control items like breadcrumbs and edit. Hope this helps.
function GroupDisplayFilter() {
if (gs.getUser().hasRoles() && gs.hasRole("itil"))
answer = "true";
else
answer = "false";
if (gs.hasRole("admin"))
answer = "true";
return answer;
}