Certification role assigned to none ITIL user

Miroslaw M · ‎02-01-2024

Any idea how the "certification role" could be assigned to a none ITIL user?

SNOW STATES:"

The certification role is automatically assigned to all users with the itil role when the Certification Core plugin is activated or when compliance applications are upgraded. Certification core installs two business rules, both called Add Certification Role To Manager, that perform similar tasks on different tables.

"

But this user seems to only have SNC_internal:

It seems to me like the two business rules that SNOW created dont even check for ITIL..but i could just be reading it wrong.

Siddhesh Gawade · ‎02-01-2024

@Miroslaw M ,

Yes, I checked the business rules they doesn't seems to check the ITIL role. both of them almost checking If the certification role exists and the current user has the certification role, it checks if any of the user's have the role. If none it checks if the manager has the role. Again none then assigning role to manager.

And the ITIL role contains this role, So any user with ITIL role will get this role as well.

What you can do is create a custom group and give certification role to that group and them assign user to group. without giving ITIL role. As per my thinking there is no another OOTB way to give this role.

Check for more reference: https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0695130

Kindly mark the answer ✔️Correct or Helpful ✔️If it addresses your concern.

Regards,

Siddhesh

View solution in original post

Siddhesh Gawade · ‎02-01-2024

@Miroslaw M ,

Yes, I checked the business rules they doesn't seems to check the ITIL role. both of them almost checking If the certification role exists and the current user has the certification role, it checks if any of the user's have the role. If none it checks if the manager has the role. Again none then assigning role to manager.

And the ITIL role contains this role, So any user with ITIL role will get this role as well.

What you can do is create a custom group and give certification role to that group and them assign user to group. without giving ITIL role. As per my thinking there is no another OOTB way to give this role.

Check for more reference: https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0695130

Kindly mark the answer ✔️Correct or Helpful ✔️If it addresses your concern.

Regards,

Siddhesh

Miroslaw M · ‎02-01-2024

Weird isn't it? why would we want to assign cmdb_read and certification roles to users who are simply snc internal? I wish there was more documentation around this.

Also looking further into it says that this role is used for Certification Tasks which we are not doing.

Siddhesh Gawade · ‎02-02-2024

Hello @Miroslaw M ,

The certification role is typically assigned to ITIL and managers. If you're assigning the certification role to internal users, they also need the cmdb_read role. This is because internal users handling certification tasks need access to information about business applications. They need to ensure data completeness and accuracy for data related to Business Applications, which come from the cmdb_ci_business_app table and other configuration items.

Therefore, it's logical to assign the cmdb_read role along with the certification role to internal users. This dependency can be checked in the cert_task.LIST table.

Kindly mark the answer ✔️Correct or Helpful ✔️If it addresses your concern.

Regards,

Siddhesh