ITIL Users not able to see their own time cards

hazyitsm
Kilo Contributor

‎08-09-2012 10:48 AM

We turned on Time Cards so that a user's time card is auto-created when they update a task. I also enabled the Time Cards application so that ITIL users have access to it. However, when any ITIL user clicks on any of the Time Cards views (Current, Pending, All, etc...), the results only show the "Number of rows removed from this list by Security constraints:" message.

When an Admin user tries the same thing, they see the appropriately filtered list, ie, the tasks they have updated show when looking at the Current, Pending, etc. views.

Thanks for your help!

Dan

Labels:
0 Helpfuls
  • 1,406 Views
6 REPLIES 6

Michael Kaufman
Giga Guru

‎08-09-2012 11:45 AM

When you receive the "Number of rows removed from this list by Security constraints" message, it means your Access Control (ACL) is limiting what they can see.

You can give the ITIL users the "timecard_user" role, or adjust the ACL and adding the itil role. In OOB Time Cards, the itil role can't do much with time cards. More information on Access Control
http://wiki.servicenow.com/index.php?title=Using_Access_Control_Rules

Also are you looking at "My Time Cards" section. If you are not, you might not want the itil user to view all time cards, maybe just their timecards.

Mike


0 Helpfuls

hazyitsm
Kilo Contributor
In response to Michael Kaufman

‎08-09-2012 01:14 PM

Thanks for the suggestions!

In my installation, there was no "timecard_user" role. I tried adding it manually, but that made no difference. I'm thinking there may be something wrong with my Timecard plugin. I'm going to have our security admin take a look at the ACL.

The ITIL users weren't seeing others' time cards. If I select the "All" view in the application (while impersonating an ITIL user) the security message only references the number of tasks that person has updated, not ALL time card entries.


0 Helpfuls

Michael Kaufman
Giga Guru

‎08-09-2012 01:58 PM

I'm sorry, I guess the timecard_user role isn't available in an OOB system. That is something we added here.

There is something that needs to be adjusted in your ACL though that is correct. You can check out a demo system to see if your system differs than OOB, however the OOB system appears to have the same message for an ITIL role. It requires some ACL adjustment for ITIL I believe.

Mike


0 Helpfuls

dhanna
Kilo Contributor

‎01-09-2013 02:44 PM

Dan,
Did you ever figure out a fix for this? I am experiencing the same problem. I'll admit that I'm not familiar with ACL functionality; however, it doesn't seem that I should need to be in this case. I would consider this a defect unless I'm misinterpreting Mike's response above, which seems to indicate that this is the functionality as delivered and not a result of our customization.

Thanks in advance for any input you can provide!

David


0 Helpfuls