Read only role for Incident, Problem, Change

snolt
Kilo Contributor

I need to create a read only role to be utilized by various departments in my company to allow them to view all data in Incident, Problem, and Change. The role has been created and I have added it to the ACLs for Incident with a read operation. As a test, I edited the Incident Application to allow the role the ability to see the incident application, however when I impersonate a user with this role and select anything under the incident header, they see no data. There isn't a security error message, it just does not display anything.

I'm still fairly new at ServiceNow admin, but this seemed like it should be rather straightforward. What am I missing?

12 REPLIES

CapaJC
ServiceNow Employee

There is a Business Rule called "incident query" that limits which Incidents a user can see. By default, I think, if you don't have the itil role, you can only see incidents where you are the Caller or on the Watch List.

You might need to modify the logic in the script to also allow your new role to see what itil can see.


CapaJC
ServiceNow Employee

As an example, if the first line of that Business Rule is the following:



if (!gs.hasRole("itil") && gs.getSession().isInteractive()) {


You might change it to this to allow a role called "your_role" to see all Incidents:


if (!gs.hasRole("itil") && !gs.hasRole("your_role") && gs.getSession().isInteractive()) {
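
An added example, not part of the original posts and not ServiceNow's own script: a stand-alone Node.js simulation of the role gate described in the two replies above, showing why a role that only has read ACLs gets an empty list with no security message. `makeGs`, `incidentQueryFilter`, `visibleIncidents` and the sample records are hypothetical names and constructed data; the caller/watch-list restriction is taken from the description in the thread.

```javascript
// Stand-alone simulation in plain Node.js (assumption: not platform code).
// makeGs is a hypothetical stand-in for the calls the thread's condition uses.
function makeGs(userId, roles, interactive) {
  return {
    hasRole: (role) => roles.includes(role),
    getUserID: () => userId,
    getSession: () => ({ isInteractive: () => interactive }),
  };
}

// Returns a row predicate, modelling how a query rule narrows the result set
// before any row is shown. exemptRoles are the roles that skip the filter.
function incidentQueryFilter(gs, exemptRoles) {
  const exempt = exemptRoles.some((role) => gs.hasRole(role));
  if (!exempt && gs.getSession().isInteractive()) {
    const user = gs.getUserID();
    // Restriction as described in the thread: Caller or on the Watch List.
    return (inc) => inc.caller_id === user || inc.watch_list.includes(user);
  }
  return () => true; // no restriction added to the query
}

// Constructed sample records.
const INCIDENTS = [
  { number: "INC0001", caller_id: "alice", watch_list: [] },
  { number: "INC0002", caller_id: "bob", watch_list: ["carol"] },
  { number: "INC0003", caller_id: "bob", watch_list: [] },
];

function visibleIncidents(gs, exemptRoles) {
  return INCIDENTS.filter(incidentQueryFilter(gs, exemptRoles))
    .map((inc) => inc.number);
}

// A user holding only the new role, in an interactive session.
const auditor = makeGs("dave", ["your_role"], true);
console.log(visibleIncidents(auditor, ["itil"]));              // original condition
console.log(visibleIncidents(auditor, ["itil", "your_role"])); // modified condition
```

With the original condition the rows are filtered out of the query rather than denied, which matches the symptom in the question: nothing is displayed and no security error appears.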


matty_c
Kilo Contributor

Great tip for Incident - it worked really well.

I had been half-way through adding modules and "read" ACLs to a new role I created called read_only but stopped when I read your business rule approach as it's far simpler... please tell me you have a similar option for problem and change records too 🙂

I have a bunch of auditors onsite wanting read only access to all records.

Cheers,
Matty


yasho1
Kilo Contributor

Hi Matty,

 

Could you please help me with the code which you've written in the incident query BR?