ITSM Roles

Brian Lancaster
Tera Sage

‎04-27-2020 08:13 AM

Has anybody used the new ITSM roles?  I gave a user sn_incident_read and sn_request_read.  The incident role seems to work fine and gives them read access to all incidents and the incident left nav menu.  However the request role does not give them access to them access to the service catalog left nav which would be fine but it does not seems to give them access to the request and request item tables either.  I impersonated one of these user and typed in sc_request.list and it gives me a blank list with Number of rows removed from this list by security...

Labels:
0 Helpfuls
  • 2,275 Views
9 REPLIES 9

Gaurav Shirsat
Mega Sage

‎04-27-2020 10:01 AM

Hello Brian

Please check whether you have activated the plugin or not?

next you muct check whether your user has ITIL Role or Not..

also you ca Try and apply ACL. Please go through the task

Here,you have to first Create Group,

then add role to that group..

and then add users to that group.

This is the Best Practice.

System Security>Group>New>add details>Submit

again Open That Group

Again Open that Group

You Will See Roles...add The Roles

again click on roles>edit

or you can apply it through the ACL. Please find the attchment.

Please Mark Correct and Helpful

Thanks and Regards

Gaurav Shirsat

 

Preview file
396 KB
0 Helpfuls

Brian Lancaster
Tera Sage
In response to Gaurav Shirsat

‎04-27-2020 10:37 AM

Ok just checked by PDI and it does not appear the plugin was installed.  However the roles are there.  Thanks doesn't make sense.  The roles should not be in the system if the plugin is not installed.  Does anybody know if this plugin has a cost since it needs to be installed by ServiceNow via HI for a non-pdi instance.

0 Helpfuls

Matt Hernandez
Tera Guru
In response to Brian Lancaster

‎09-14-2020 03:01 PM

Here is a weird twist on why they might be there.
https://hi.service-now.com/kb_view.do?sysparm_article=KB0758032

0 Helpfuls

Brian Lancaster
Tera Sage

‎04-28-2020 07:48 AM

Ok, so I did some ACL debugging in my person dev even with the plugin installed.  sn_request_read still fails on one of the ACL because of the script.  It is calling a script include that is protected "GlobalServiceCatalogUtil".  It is calling a function in the script include that is checking if the user can approve the record.  As soon as you add sn_request_write it works but we do not want them to be able to write.

Community Alums
Not applicable

‎08-07-2023 07:58 PM

 
  • sn_request_read
    Note: As there are future updates expected for the sn_request_read role, do not assign it to users without the business_stakeholder role.

Refer to the documentation -

https://docs.servicenow.com/en-US/bundle/vancouver-it-service-management/page/product/incident-manag...

0 Helpfuls