Problems with watch list user permissions out of the box

jamesmcwhinney · ‎08-31-2015

While running some tests in preparation to roll out ServiceNow to our users next month, I noticed that when an end user is added to the watch list of an incident, they can open the incident in a read only state, which makes sense.

However, they are also able to cancel the incident, which does not make sense.

Is there an easy way to correct this? (via ACL, UI policy, etc) ?

I am struggling with this since I cant seem to track down what is giving the watch list users read only access in the first place.

Thanks!

- James

manikorada · ‎08-31-2015

James,

There is no 'Cancel Incident' button OOTB.

Right click on the 'Cancel Incident' from the bottom of the form and click on 'Edit UI Action' and you will see that UI action. From there check the conditions

View solution in original post

manikorada · ‎08-31-2015

James,

There is no 'Cancel Incident' button OOTB.

Right click on the 'Cancel Incident' from the bottom of the form and click on 'Edit UI Action' and you will see that UI action. From there check the conditions

jamesmcwhinney · ‎09-22-2015

Thanks Mani, I wasn't thinking clearly.

The "Cancel Incident" button isn't OOTB, it was added by our consultants.

I have updated the UI action such that it is only available for the appropriate users.

Cheers

Harish Murikina · ‎09-01-2015

Hi James,

As Mani suggested write the condition in that Ui action, the below code helps you

current.watch_list.indexOf(gs.getUserID()) > -1

sethivarun · ‎08-31-2015

Hi James,

Did you check write ACL for incident? It should have a role, otherwise anyone could modify the incident.