Implementation of Access request

Ankit28 · ‎08-21-2013

I need to work on a way for users to request access to ServiceNow itself. We give access to users by assigning roles to groups and making users members of those groups. We try not to give users roles directly because it makes management of roles more difficult. We also have customized the system to allow managers of groups to add/remove members themselves. They access this by going to "Groups I Manage" under the Support application. We need to provide a way in addition to this.

I'm thinking we should create a catalog item in the Service Catalog for people to request access. The catalog item should cause the user to select the group that they wish to be a member of. The list of available groups should be all active groups in ServiceNow which have a manager that is also active and where the group has a management type of "manual". Group management types are provided through a customization that we've made to the system. When a user requests to be part of a group, an approval task should be sent to the group's manager for approval. If approved, the user should automatically be added to the group. If rejected, the user should automatically be removed. The same thing should happen if the user requests to be removed from a group (offer option in same catalog item).

We could also think about allowing the user to request access to multiple groups at once. In this case it is possible that more than one manager would need to approve or that a single manager would be approving for access to multiple groups.

I'd keep it simple to start with and only allow a single group to be requested in a single submission.

Let me know what are the implementation steps(in detail)

jdesouz · ‎08-27-2013

You would need a workflow for that item and then you could add your approvals - once approved you could use the script utility to do what you want. It would be a simple query to the sys_user_grmember table and add record to the table with the user and the group sys id's.

Ankit28 · ‎09-09-2013

I have actually come up with a design of catalog item and the workflow, but the problem am facing is that in the catalog item design users would choose the multiple groups membership, I would like to give group description if possible to the user. Also, the workflow design should ensure that the group membership would require group managers approval so that means unless and untill all group members approve the catalog item would not get closed. Any suggestions? Please find attached designs.

pdjakk_snow · ‎09-09-2013

Hi Ankit,

When you select multiple groups in the catalog items, approvers should be managers of all the groups and workflow should move when all the managers approvers request. To do this you will need to select "Everyone to approve" in the approval user activity (Workflow).

Ankit28 · ‎09-27-2013

Do you know how to add these filters transparently, so they don't show up in the view? I believe this is possible, but only when surfacing this control type in a catalog item.