Limit an ITIL user's access to various modules

jabest13
Tera Expert

We have a need for a non-IT user to have access to RITMs, Incidents and Change tickets (read & create) for only a particular group. I did use a script that was posted to create a business rule on incident and that works for incident. We do not want them to modify the CMDB. How do we prevent access to the CMDB?

 

The business rule reads...

 

(function executeRule(current, previous /*null when async*/ ) {

    // Only filter interactive (UI) sessions; integrations and jobs are unaffected
    if (gs.getSession().isInteractive()) {
        // Restrict to caller, watch list, or members of the assigned group
        var u = gs.getUserID(); // sys_id of the current user
        var g = getMyGroups(); // groups the current user belongs to
        // Modify the current query on the incident table.
        // watch_list is a list field, so it needs CONTAINS; a plain equality
        // only matches when the user is the sole entry on the watch list.
        var q = current.addQuery('caller_id', u)
            .addOrCondition('assignment_group', g)
            .addOrCondition('watch_list', 'CONTAINS', u);
    }

})(current, previous);

1 ACCEPTED SOLUTION

We had to create business rules for Incident and RITMs....  The first reply was closest to what we need.

 

(function executeRule(current, previous /*null when async*/ ) {

    // Only filter interactive (UI) sessions; integrations and jobs are unaffected
    if (gs.getSession().isInteractive()) {
        // Restrict to caller, watch list, or members of the assigned group
        var u = gs.getUserID(); // sys_id of the current user
        var g = getMyGroups(); // groups the current user belongs to
        // Modify the current query on the incident table.
        // watch_list is a list field, so it needs CONTAINS; a plain equality
        // only matches when the user is the sole entry on the watch list.
        var q = current.addQuery('caller_id', u)
            .addOrCondition('assignment_group', g)
            .addOrCondition('watch_list', 'CONTAINS', u);
    }

})(current, previous);

7 REPLIES

Mike_R
Kilo Patron

Did you take a look at these more granular roles instead?

https://docs.servicenow.com/en-US/bundle/tokyo-it-service-management/page/product/incident-managemen...

 

ITSM Roles — Incident Management [com.snc.itsm.roles.incident_management]
  • sn_incident_read
ITSM Roles — Change Management [com.snc.itsm.roles.change_management]
  • sn_change_read
  • sn_change_write
ITSM Roles — Request Management [com.snc.service_management.roles.request_management]
  • sn_request_read

Are these new in Tokyo, I don't see them in San Diego?

It is new as of Madrid and is automatically enabled on new instances.

Existing customers will need to request the plugin (ITSM Roles plugin (com.snc.itsm.roles)) from SN Support. 

Please install and test in Dev first since this plugin will modify ACLs.

I did get the plug-ins, this did not work the way we need it to.  They do see incidents and can read/write etc.  We are trying to limit what they see to just the groups they are associated to.  The business rule above is pretty close, but I'm thinking it needs an if statement of some sort.  If role is limited_itil, then invoke the business rule.  Currently, the business rule is taking place for all itil users.
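
The role gate the last post asks for, as an added example that is not from the thread or from ServiceNow: the query restriction is applied only to users holding `limited_itil` (the role name used in the post). `restrictIncidentQuery`, `fakeGs`, `fakeCurrent` and `demo` are hypothetical names, and the stand-in objects are constructed so the logic runs under Node.

```javascript
// Body for a before-query business rule on incident, gated on a role.
// gs, current and getMyGroups are parameters so the logic also runs outside an
// instance; inside the rule, call restrictIncidentQuery(current, gs, getMyGroups).
function restrictIncidentQuery(current, gs, getMyGroups) {
    // Leave integrations and scheduled jobs alone, as the posted rule does.
    if (!gs.getSession().isInteractive()) return false;
    // gs.hasRole() is true for admins for any role, so exclude admins explicitly.
    if (gs.hasRole('admin') || !gs.hasRole('limited_itil')) return false;
    var u = gs.getUserID();
    current.addQuery('caller_id', u)
        .addOrCondition('assignment_group', getMyGroups())
        .addOrCondition('watch_list', 'CONTAINS', u); // list field needs CONTAINS
    return true;
}

// Constructed stand-ins for the platform objects (hypothetical, for Node).
function fakeGs(userId, roles, interactive) {
    return {
        getUserID: function () { return userId; },
        getSession: function () {
            return { isInteractive: function () { return interactive; } };
        },
        // Mirrors the platform: admin passes every hasRole() check.
        hasRole: function (role) {
            return roles.indexOf('admin') !== -1 || roles.indexOf(role) !== -1;
        }
    };
}

// Records the conditions the rule adds, in call order.
function fakeCurrent() {
    var conditions = [];
    var chain = { addOrCondition: function () {
        conditions.push(['OR'].concat(Array.prototype.slice.call(arguments)));
        return chain;
    } };
    return { conditions: conditions, addQuery: function () {
        conditions.push(['AND'].concat(Array.prototype.slice.call(arguments)));
        return chain;
    } };
}

// Constructed sample: user u1, member of groups g1 and g2.
function demo(roles, interactive) {
    var cur = fakeCurrent();
    var applied = restrictIncidentQuery(cur, fakeGs('u1', roles, interactive),
        function () { return ['g1', 'g2']; });
    return { applied: applied, conditions: cur.conditions };
}
```

A before-query rule only narrows which rows a query returns; whether a record or field can be read or written, on CMDB tables included, is still decided by ACLs.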