- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-07-2016 05:41 PM
Hi All,
I have been trying to make the change calendar visible to all users via the Public role. I can get this to work by setting the Change Request [change_request] -- None -- as read only to the Public role and this I can see works as expected. But from my understanding this gives public users read access to all fields in the change_request table? I was trying to limit the rows that they can see, but when I do this they do not see the changes on the calendar. Instead they get an empty calendar with Number of rows removed by Security constraints: x
I tried setting the change number, short description and planned start to all be visible by the Public role but still no luck. Does anyone know what columns I need to make visible so it can be seen on the calendar?
Secondly, when the CR is visible on the calendar, is there a way to make it so that it is not a link? By default it is a link to take you to the details of the CR.
Regards
James
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-09-2016 03:57 AM
Do they have read access to the record (e.g. change_request.none)? You'll need that if you want to grant read access to individual fields as well. Your ACLs should look something like this
change_request.none - record level access, grant read access to everyone (role=public)
change_request.* - all fields, grant read access to only those whom you deem necessary (e.g. roled users or logged in users? your choice)
change_request.field_name - a specific field like number, short_description, grant access to everyone (role=public)
Using Access Control Rules - ServiceNow Wiki
Security Best Practices - ServiceNow Wiki
Contextual Security - ServiceNow Wiki
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-08-2016 03:24 AM
Hi James,
It sounds like we just need to get your ACLs sorted out. Can you elaborate on this statement?
I was trying to limit the rows that they can see
Based on what?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-08-2016 05:15 PM
Hi Chuck,
I was trying to give the public roles as limited amount of access to the change_request table as required so that they can see changes on the change calendar. I had configured the change calendar so that is shows the number, short description and risk. I assume it also needed planned start and planned end dates. After giving the public role read access to each of these fields, users still do not see the changes on the calendar.
Hope this makes sense?
Thanks
James
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-09-2016 03:57 AM
Do they have read access to the record (e.g. change_request.none)? You'll need that if you want to grant read access to individual fields as well. Your ACLs should look something like this
change_request.none - record level access, grant read access to everyone (role=public)
change_request.* - all fields, grant read access to only those whom you deem necessary (e.g. roled users or logged in users? your choice)
change_request.field_name - a specific field like number, short_description, grant access to everyone (role=public)
Using Access Control Rules - ServiceNow Wiki
Security Best Practices - ServiceNow Wiki
Contextual Security - ServiceNow Wiki
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-09-2016 05:19 PM
Thanks Chuck,
As soon as I set the first one then it works. I don't need to set individual record access. I assumed setting:
change_request.none - record level access, grant read access to everyone (role=public)
Gave access to all rows?
Now for the second question, does anyone know how to disable change record on the calendar being a link to the underlying change?
Thanks
James
