Roles, Groups, Permissions and Changing Views
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-07-2013 09:57 AM
Hey all.
We are looking to implement a more refined approach to handling our various users and their access rights / views.
Our company has several locations worldwide. What we'd like to accomplish is to have each location have their own tasks, incidents, requests all filtered for that location. So if I have a user in Berlin, he or she will have a specific view within service now that is specific to that location, and that user will only see information that is particular to that location. We wish to segregate it so that users who are working in service now are only dealing with tasks that are related to their office, rather than seeing tickets and tasks from all other offices.
At the same time we wish to make it so that users have certain limitations to make changes.. so provide read only rights over certain things (such as already created tickets), as well as what sections of Service Now they are provided and not provided.
Now, I have read about the different areas that would need to be used (modules, roles, groups, users) and it seems to me that the best way to achieve this type of structure is by basing it off of the user's location. We have made steps in our instance so that every something is created (task, item request etc) the user who is requesting has their location autopopulated in the form.
But that being said, how can we make each location only see data that is related to them? Do we need to setup new roles? Would they need to be split up, so say for IT, we'd have an IT role for each location, and likewise for any other department.. HR, Facilities, TechOps, etc. Also, would new modules need to be created to tell tickets to only display for users based on their location?
What I'm looking for is a bit of discussion as to how we could achieve this type of a setup and what kind of approach would be best. Again, I think I understand how it should work, but as there are so many ways to get there with Service Now, what would be the most effective, least time consuming, and most scalable - for this, I highly regard the word of the experts..
I appreciate any suggestions that you all may have and look forward to hearing them!!
- Labels:
-
Orchestration (ITOM)
-
Service Mapping
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-28-2013 06:05 AM
Hi,
From a high level view:
The outline is:
- Each location (studio) should only see tasks which has been logged for that location
(As incidents/tickets/change requests/etc are all extended from the task table, it's easier to run it off this)
The simplest method, if everyone has already been allocated a location, is to do the filtering at the Business Rule level (since everyone will need to read the task table) using a "Before Query" rule.
current.addQuery('location', gs.getUser().getLocation() );
This will allow users to only see tasks with the same location.
Anything else, such as having people access multiple sites would probably require more work to setup but simply, you just need to put people in a "group" for each site and then add this to the business rule.
The "group" will be the location or something else setup.
Hopefully that points you in the right direction.
Pete
