Problems with watch list user permissions out of the box

jamesmcwhinney
Giga Guru

While running some tests in preparation to roll out ServiceNow to our users next month, I noticed that when an end user is added to the watch list of an incident, they can open the incident in a read only state, which makes sense.

However, they are also able to cancel the incident, which does not make sense.

Is there an easy way to correct this (via ACL, UI policy, etc.)?

I am struggling with this since I can't seem to track down what is giving the watch list users read-only access in the first place.

Thanks!

- James

1 ACCEPTED SOLUTION

James,



There is no 'Cancel Incident' button OOTB.


Right-click on 'Cancel Incident' at the bottom of the form and click on 'Edit UI Action', and you will see that UI action. From there, check the conditions.



8 REPLIES

manikorada
ServiceNow Employee

James,



There is an ACL, which is: https://<<instance_name>>.service-now.com/nav_to.do?uri=sys_security_acl.do?sys_id=7da3bda1c0a801667dc88c1e9527f776


This is giving read access for the Watch List users.


For cancelling the incident, if you are using a UI action, add a condition in the UI Action to allow only the users you need to.
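
The kind of UI Action condition suggested above, as an added example that is not part of the original thread. The thread never shows the actual condition on 'Cancel Incident', so `weakCondition`, `restrictedCondition`, the sample users and the "caller or `itil` role" rule are all hypothetical; `makeGs` is a stand-in that mimics `gs.getUserID()` and `gs.hasRole()` so the check runs outside an instance.

```javascript
// Stand-ins (assumptions) for the server-side `gs` and `current` objects
// that a UI Action condition sees; built here so the check runs offline.
function makeGs(userId, roles) {
  return {
    getUserID: () => userId,
    hasRole: (role) => roles.includes(role),
  };
}

// Constructed sample record: user_a is the caller, user_b is on the watch list.
const incident = { active: true, caller_id: 'user_a', watch_list: 'user_b,user_c' };

// Hypothetical weak condition: looks only at the record, never at the user,
// so anyone who can open the form gets the button.
function weakCondition(gs, current) {
  return current.active === true;
}

// Hypothetical restricted condition: the caller or an itil user only.
// Watch-list membership is deliberately not a qualifying test.
function restrictedCondition(gs, current) {
  if (!current.active) return false;
  return gs.hasRole('itil') || String(current.caller_id) === gs.getUserID();
}

// Evaluate a condition for several users and list who would see the action.
function whoCanCancel(condition, current, users) {
  return users
    .filter((u) => condition(makeGs(u.id, u.roles), current))
    .map((u) => u.id);
}

// Constructed users for the scenario in this thread.
const users = [
  { id: 'user_a', roles: [] },        // caller
  { id: 'user_b', roles: [] },        // watch list only
  { id: 'agent_1', roles: ['itil'] }, // fulfiller
];

console.log('weak:      ', whoCanCancel(weakCondition, incident, users));
console.log('restricted:', whoCanCancel(restrictedCondition, incident, users));
```

On an instance, the restricted rule would be written in the UI Action's Condition field as `gs.hasRole('itil') || current.caller_id == gs.getUserID()`, adjusted to whichever users should be allowed to cancel.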


Thanks Mani,



I am still a little confused by this.



If the ACL is only allowing the user "read" access but not write access, how is it that the user is able to cancel the incident?


Since cancelling the incident means updating the status field of the record, isn't that considered a "write"?


How is this possible?


Do UI actions completely override the ACL permissions?



Thanks again,


- James


James,



How are users canceling the incident? Can you provide a screenshot of the UI action, if you are using that?


Hi Mani,



The scenario is that user A (a regular end user) logs an incident.


User B (also a regular end user) is added to the watch list.




User B then opens the incident and cannot edit it, but can somehow still cancel it.




This is the OOTB setup as far as I know, but I don't think it makes sense for watch list users to be able to cancel the incident.



Thanks again,


- James