Removing Configuration Item (CI) edit access for ITIL role
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-23-2023 08:12 AM
OOB, ITIL role is permitted to create, read, edit, and delete Configuration Items (CI). We would like to restrict the role to read only for CI's. We understand this involves modifying OOB ACLs.
Looking for any feedback from those who have done this. Did you encounter any unforeseen issues, such as breaking of OOB provided ServiceNow features? Any input on lessons learned, things to avoid, a better way to implement is appreciated.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-23-2023 08:16 AM - edited 02-23-2023 08:16 AM
You can create a new ACL rule for the ITIL role with conditions and Advanced script instead of breaking OOB ACLs
If I could help you with my response you can mark it as helpful and correct as it benefits future viewers
Thanks,
Sai Kumar B
Community Rising Star 2023 & 2022
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-24-2023 08:03 AM
I don't believe it's possible to avoid modifying OOB ACLs or deactivating them and creating new ones (which amounts to modifying OOB ACL). The OOB ACLs give 'itil' role create, edit, delete access. A user having the 'itil' role will always be given edit access via those OOB ACLs, despite any new ACLS put in place.
