Allow requestor to add or remove ReadOnly Admin access at their own convenience via service request

VS M
Tera Expert

Hello Experts,

 

I was able to successfully create an automated service request to add ReadOnly Admin access upon request submission in the production environment.

Additionally, there is a requirement to remove this access when needed.
However, there is a problem. Once a user is granted read_only access, they are unable to submit a request themselves to remove. Instead, someone else must submit the request on their behalf. This workaround is not accepted and I cannot provision full admin access. I am uncertain about how to handle this particular scenario.

 

Anyone came across these type of scenario and how you handled it ?

 

Thanks in advance for reviewing this post and your response.

2 ACCEPTED SOLUTIONS

Community Alums
Not applicable

Hi @VS M ,

I think this cannot be achieved as users don't have permissions to submit.

 

You can make use of the ServiceNow's latest functionality - Time-Limited User Roles.

 

Please take a look into this article-

https://www.servicenow.com/community/now-platform-articles/washington-s-time-limited-user-roles/ta-p...

 

If my response has resolved your query, please consider giving it a thumbs up ‌‌ and marking it as the correct answer‌‌!


Thanks & Regards,

Sanjay Kumar

View solution in original post

AnirudhKumar
Mega Sage
Mega Sage

Interesting problem!

It appears ServiceNow has done pretty good work locking every single thing with snc_read_only

 

However, there may be one hack I suggest you to try, and let me know if it works..

Configure an inbound email action... ask your users to send something identifiable in the subject ... perhaps a static string that says 'request to access platform'.

Make your inbound action script identify the sender with the email, and then use the Cart API to programmatically submit a request to your catalog item. 😎

 

Sample Cart API (Global):

var cartId = GlideGuid.generate(null);

var cart = new Cart(cartId);

var item = cart.addItem('<<put your catalog item sysid here>>');

cart.setVariable(item,'<<fieldname>>','<<field value>>');

var rc = cart.placeOrder();

View solution in original post

2 REPLIES 2

Community Alums
Not applicable

Hi @VS M ,

I think this cannot be achieved as users don't have permissions to submit.

 

You can make use of the ServiceNow's latest functionality - Time-Limited User Roles.

 

Please take a look into this article-

https://www.servicenow.com/community/now-platform-articles/washington-s-time-limited-user-roles/ta-p...

 

If my response has resolved your query, please consider giving it a thumbs up ‌‌ and marking it as the correct answer‌‌!


Thanks & Regards,

Sanjay Kumar

AnirudhKumar
Mega Sage
Mega Sage

Interesting problem!

It appears ServiceNow has done pretty good work locking every single thing with snc_read_only

 

However, there may be one hack I suggest you to try, and let me know if it works..

Configure an inbound email action... ask your users to send something identifiable in the subject ... perhaps a static string that says 'request to access platform'.

Make your inbound action script identify the sender with the email, and then use the Cart API to programmatically submit a request to your catalog item. 😎

 

Sample Cart API (Global):

var cartId = GlideGuid.generate(null);

var cart = new Cart(cartId);

var item = cart.addItem('<<put your catalog item sysid here>>');

cart.setVariable(item,'<<fieldname>>','<<field value>>');

var rc = cart.placeOrder();