Hi Jeff
I think you're right you need to create a new role for instance 'contract_reader'.
The solution suggested involves the use of ACLs.
Please if you never worked with ACLs before ServiceNow recommend to check the wiki and understand the possible impact on the instance.
Always be careful using ACLs.
Using Access Control Rules - ServiceNow Wiki
Next step will be to open the contract mgt application to the new role and also update all the modules you want to show to the end users.
After that activate the Elevated Role > 'security admin' and from the contract table check the list of security roles
Group by Operation and check only the 'Read' ones
Check for the following record
Now just add the new role to the list of role and save.
IMPORTANT. You don't need to change anything else. Always be careful in changing ACLs because can cause issues on your instance !
Now provide the new role 'contract_reader' to one of the user with no roles and check the result.
On the other hand here's a user without the new role.
Now you need to repeat a similar process for the 'Managed Document modules/Application and ACLs'.
Always bare in mind you need to investigate and analyse each element involved (tables/Applications/modules/ACLs) before to start.
Plus i also suggest to understand if the user must be allowed to see the content of other tables.
In fact as visible in the next image the reader is required to be able to see info from 'Asset' but as per OOB the user can't.
Hi Jeff
I think you're right you need to create a new role for instance 'contract_reader'.
The solution suggested involves the use of ACLs.
Please if you never worked with ACLs before ServiceNow recommend to check the wiki and understand the possible impact on the instance.
Always be careful using ACLs.
Using Access Control Rules - ServiceNow Wiki
Next step will be to open the contract mgt application to the new role and also update all the modules you want to show to the end users.
After that activate the Elevated Role > 'security admin' and from the contract table check the list of security roles
Group by Operation and check only the 'Read' ones
Check for the following record
Now just add the new role to the list of role and save.
IMPORTANT. You don't need to change anything else. Always be careful in changing ACLs because can cause issues on your instance !
Now provide the new role 'contract_reader' to one of the user with no roles and check the result.
On the other hand here's a user without the new role.
Now you need to repeat a similar process for the 'Managed Document modules/Application and ACLs'.
Always bare in mind you need to investigate and analyse each element involved (tables/Applications/modules/ACLs) before to start.
Plus i also suggest to understand if the user must be allowed to see the content of other tables.
In fact as visible in the next image the reader is required to be able to see info from 'Asset' but as per OOB the user can't.
