ITIL Restricted role

jacekj · ‎02-21-2022

Hi,

We need to allow some external consultants to access our instance, so I need an scenario in which the user will:

use the itil license
be able to view and work on all incidents that are assigned to him, and/or he is in the assigned to group and/or he is in the watchlist/work notes
see nothing more, only incidents

Can someone guide how to do that in a least invasive way? Want to avoid as much as possible modifying OOTB settings.

I tested an "itil restircted" role which I added to the "incident query" business rule where the effect is exactly as mentioned in point "2" but the user also had the standard itil role.

Due to the fact that the user has the "itil" role he has still access to catalog, and a bunch of other modules, which we don't want.

Maybe I'm missing here something obvious?

jacekj · ‎03-07-2022

Just to update, the sn_incident_write + modifying the incident query BR seem to do the trick for me!

Don't need anything else right now 🙂

View solution in original post

Jan Cernocky · ‎02-21-2022

You can have a look at the 'sn_incident_write' role.

This somehow limits access to incident management.

But you will still need to tweak the ACLs since itil is really a global role with access to a lot of areas.

jacekj · ‎02-24-2022

Thanks! Looking into this.

I think that the 'sn_incident_write' role + modifying the query incident BR or the 'incident.*' ACL might do the trick.
Need to test that, will update this thread with the end result!

Musab Rasheed · ‎02-21-2022

Hi,

How about creating a role and adding it to 'incident.*' ACL so that users have access only to Incident.?

Please hit like and mark my response as correct if that helps
Regards,
Musab

jacekj · ‎02-24-2022

Thanks! Looking into this.

I think that the 'sn_incident_write' role + modifying the query incident BR or the 'incident.*' ACL might do the trick.
Need to test that, will update this thread with the end result!