- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-16-2024 02:09 PM - edited 07-16-2024 03:10 PM
Hello Experts,
I was able to successfully create an automated service request to add ReadOnly Admin access upon request submission in the production environment.
Additionally, there is a requirement to remove this access when needed.
However, there is a problem. Once a user is granted read_only access, they are unable to submit a request themselves to remove. Instead, someone else must submit the request on their behalf. This workaround is not accepted and I cannot provision full admin access. I am uncertain about how to handle this particular scenario.
Anyone came across these type of scenario and how you handled it ?
Thanks in advance for reviewing this post and your response.
Solved! Go to Solution.
- Labels:
-
Request Management
-
Service Catalog
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-16-2024 05:59 PM
Hi @VS M ,
I think this cannot be achieved as users don't have permissions to submit.
You can make use of the ServiceNow's latest functionality - Time-Limited User Roles.
Please take a look into this article-
If my response has resolved your query, please consider giving it a thumbs up and marking it as the correct answer!
Thanks & Regards,
Sanjay Kumar

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-16-2024 06:15 PM
Interesting problem!
It appears ServiceNow has done pretty good work locking every single thing with snc_read_only!
However, there may be one hack I suggest you to try, and let me know if it works..
Configure an inbound email action... ask your users to send something identifiable in the subject ... perhaps a static string that says 'request to access platform'.
Make your inbound action script identify the sender with the email, and then use the Cart API to programmatically submit a request to your catalog item. 😎
Sample Cart API (Global):
var cartId = GlideGuid.generate(null);
var cart = new Cart(cartId);
var item = cart.addItem('<<put your catalog item sysid here>>');
cart.setVariable(item,'<<fieldname>>','<<field value>>');
var rc = cart.placeOrder();
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-16-2024 05:59 PM
Hi @VS M ,
I think this cannot be achieved as users don't have permissions to submit.
You can make use of the ServiceNow's latest functionality - Time-Limited User Roles.
Please take a look into this article-
If my response has resolved your query, please consider giving it a thumbs up and marking it as the correct answer!
Thanks & Regards,
Sanjay Kumar

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-16-2024 06:15 PM
Interesting problem!
It appears ServiceNow has done pretty good work locking every single thing with snc_read_only!
However, there may be one hack I suggest you to try, and let me know if it works..
Configure an inbound email action... ask your users to send something identifiable in the subject ... perhaps a static string that says 'request to access platform'.
Make your inbound action script identify the sender with the email, and then use the Cart API to programmatically submit a request to your catalog item. 😎
Sample Cart API (Global):
var cartId = GlideGuid.generate(null);
var cart = new Cart(cartId);
var item = cart.addItem('<<put your catalog item sysid here>>');
cart.setVariable(item,'<<fieldname>>','<<field value>>');
var rc = cart.placeOrder();