ITSM Roles

Brian Lancaster · ‎04-27-2020

Has anybody used the new ITSM roles? I gave a user sn_incident_read and sn_request_read. The incident role seems to work fine and gives them read access to all incidents and the incident left nav menu. However the request role does not give them access to them access to the service catalog left nav which would be fine but it does not seems to give them access to the request and request item tables either. I impersonated one of these user and typed in sc_request.list and it gives me a blank list with Number of rows removed from this list by security...

Kieran Anson · ‎04-27-2020

Hi Brian,

You can check the plugin loaded correctly by validating that ACLs exist for the sn_request_read role using the sys_security_acl_role table

https://yourinstancename.service-now.com/sys_security_acl_role_list.do?sysparm_query=sys_user_role.nameSTARTSWITHsn_request_read

I note that there is a script condition to only allow access to sc_request and sc_req_item if the user can read the relating approval record(s)

Brian Lancaster · ‎04-27-2020

Strange that i'm seeing the same thing in my PDI. Maybe it is a bug in the plugin install for new instances. We did not request the plugin but we are a new customer on New York so I could only guess for new customer it comes preinstalled.

Kieran Anson · ‎04-27-2020

Yeah my PDI started with New York. Not sure why that script condition exists as it makes the role a tad pointless unless you give the user one of the approval roles!

hmmm...

Brian Lancaster · ‎04-27-2020

Actually just looks. It appears the plugin is not installed but the roles are still in the system. I checked in my PDI and it was not installed. Seems strange that the roles are there when the plugin is not installed.