What is the minimum role to see incidents of the assigned group?
‎01-24-2025 04:40 AM
What role should I give the user so that they have minimum access, i.e. only to assigned requests and incidents for the group they belong to?
The snc_internal role allows you to view only assigned incidents and requests per user.
I need a solution that gives access only to things assigned to the user's group.
‎01-24-2025 04:46 AM
You can give the Incident_write role and create an ACL to view a specific group's incidents.
If my response proves useful, please indicate its helpfulness by selecting "Accept as Solution" and "Helpful." This action benefits both the community and me.
Regards
Dr. Atul G. - Learn N Grow Together
ServiceNow Techno - Functional Trainer
LinkedIn: https://www.linkedin.com/in/dratulgrover
YouTube: https://www.youtube.com/@LearnNGrowTogetherwithAtulG
Topmate: https://topmate.io/atul_grover_lng [ Connect for 1-1 Session]
‎01-24-2025 07:15 AM
But by giving someone the sn_incident_write role you also give a wider scope, because the role includes other roles, and I don't want to give such access to an external user...
‎01-24-2025 07:50 AM
So in this case, create a new role only for incident.
Regards
Dr. Atul G. - Learn N Grow Together
‎01-24-2025 04:58 AM
To give users access only to incidents and requests assigned to their group, you’ll need to create a custom role and configure ACLs. First, ensure the users are added to the correct groups in User Groups. Then, create a new role (group_incident_access) and assign it to those users.
Next, set up ACLs for the Incident and Request tables. In the ACL conditions, allow access only if the record’s assignment group matches the user’s group. For example, you can use a script like:
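```javascript
// ACL script: allow access only when the record's assignment group
// is one of the groups the current user belongs to.
var userGroups = gs.getUser().getMyGroups();
// getValue() returns the sys_id as a string (or null when the field is empty),
// which is what the list of group sys_ids is compared against.
var groupId = current.getValue('assignment_group');
if (groupId && userGroups.contains(groupId)) {
    answer = true;
} else {
    answer = false;
}
```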
This ensures users can only view records assigned to their group or directly to themselves. For extra control, you can also use filters or UI policies to hide irrelevant data.
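The access decision discussed in this thread, as an added example that is not part of any of the posts above: a plain JavaScript function covering both conditions the last answer names (group match and direct assignment), run over constructed records so the deny-by-default behaviour can be checked outside ServiceNow. The names `canReadTask` and `visibleNumbers` and all sample data are hypothetical.

```javascript
// Added example: the allow/deny decision a group-scoped read ACL has to make.
// canReadTask, visibleNumbers and the records below are hypothetical.

function canReadTask(record, userId, userGroupIds) {
  var groups = new Set(userGroupIds.map(String));
  if (record.assignment_group && groups.has(String(record.assignment_group))) {
    return true; // assigned to one of the user's groups
  }
  if (record.assigned_to && String(record.assigned_to) === String(userId)) {
    return true; // assigned directly to the user
  }
  // Deny by default: unassigned records and other groups' records match nobody.
  return false;
}

// In a ServiceNow read ACL the inputs would come from the platform
// (assumed wiring, shown as a comment because gs/current exist only there):
//   answer = canReadTask(
//     { assignment_group: current.getValue('assignment_group'),
//       assigned_to: current.getValue('assigned_to') },
//     gs.getUserID(),
//     <the user's group sys_ids as an array of strings>);

// Constructed sample data (sys_ids shortened for readability).
var USER = 'u1';
var USER_GROUPS = ['g-network', 'g-vendor'];
var RECORDS = [
  { number: 'INC001', assignment_group: 'g-network', assigned_to: '' },
  { number: 'INC002', assignment_group: 'g-database', assigned_to: '' },
  { number: 'INC003', assignment_group: 'g-database', assigned_to: 'u1' },
  { number: 'INC004', assignment_group: '', assigned_to: '' },
  { number: 'INC005', assignment_group: null, assigned_to: 'u2' }
];

// Returns the record numbers the given user would be allowed to read.
function visibleNumbers(records, userId, groupIds) {
  return records
    .filter(function (r) { return canReadTask(r, userId, groupIds); })
    .map(function (r) { return r.number; });
}

console.log(visibleNumbers(RECORDS, USER, USER_GROUPS));
```

Running the same record set against a user with no groups is a quick way to confirm that a new role does not see anything it was not explicitly granted.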