- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-07-2016 08:31 AM
I have been entering in every contract we locate into the Contract Management section of ServiceNow and attaching electronic copies of all related documents to each contract utilizing the Managed Documents module. How do we give a user the ability to only view the contracts and the attached documents? We do not want them to have the ability to change, delete, or create new. I am assuming a new role is required, but we have not done this yet. Has someone out there set this up already? Can you help us with this? Thank you, Jeff
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-07-2016 09:46 AM
Hi Jeff
I think you're right you need to create a new role for instance 'contract_reader'.
The solution suggested involves the use of ACLs.
Please if you never worked with ACLs before ServiceNow recommend to check the wiki and understand the possible impact on the instance.
Always be careful using ACLs.
Using Access Control Rules - ServiceNow Wiki
Next step will be to open the contract mgt application to the new role and also update all the modules you want to show to the end users.
After that activate the Elevated Role > 'security admin' and from the contract table check the list of security roles
Group by Operation and check only the 'Read' ones
Check for the following record
Now just add the new role to the list of role and save.
IMPORTANT. You don't need to change anything else. Always be careful in changing ACLs because can cause issues on your instance !
Now provide the new role 'contract_reader' to one of the user with no roles and check the result.
On the other hand here's a user without the new role.
Now you need to repeat a similar process for the 'Managed Document modules/Application and ACLs'.
Always bare in mind you need to investigate and analyse each element involved (tables/Applications/modules/ACLs) before to start.
Plus i also suggest to understand if the user must be allowed to see the content of other tables.
In fact as visible in the next image the reader is required to be able to see info from 'Asset' but as per OOB the user can't.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-07-2016 09:46 AM
Hi Jeff
I think you're right you need to create a new role for instance 'contract_reader'.
The solution suggested involves the use of ACLs.
Please if you never worked with ACLs before ServiceNow recommend to check the wiki and understand the possible impact on the instance.
Always be careful using ACLs.
Using Access Control Rules - ServiceNow Wiki
Next step will be to open the contract mgt application to the new role and also update all the modules you want to show to the end users.
After that activate the Elevated Role > 'security admin' and from the contract table check the list of security roles
Group by Operation and check only the 'Read' ones
Check for the following record
Now just add the new role to the list of role and save.
IMPORTANT. You don't need to change anything else. Always be careful in changing ACLs because can cause issues on your instance !
Now provide the new role 'contract_reader' to one of the user with no roles and check the result.
On the other hand here's a user without the new role.
Now you need to repeat a similar process for the 'Managed Document modules/Application and ACLs'.
Always bare in mind you need to investigate and analyse each element involved (tables/Applications/modules/ACLs) before to start.
Plus i also suggest to understand if the user must be allowed to see the content of other tables.
In fact as visible in the next image the reader is required to be able to see info from 'Asset' but as per OOB the user can't.