which oob role gives some one the access to create and update ci's

dick1
Tera Expert

‎02-21-2022 06:44 AM

Hi all,

I'm trying to identify the role that can update the cmdb ci information

I found the role sn_cmdb_editor and accoording to the description this role should have this access but when trying it it seemingly has only read rights on the cmdb when defining a user with that role

there is also the asset role but this can also update the assets and i would like to be able to split this.
other role that can update is the itil role but that can also do  more.

 

find_real_file.png

 

Labels:
Preview file
34 KB
0 Helpfuls
  • 2,090 Views
6 REPLIES 6

Harneet1
Tera Contributor
In response to Saurav11

‎02-21-2022 07:18 AM

Hi, 

Adding to Saurav's comment, you can check the write ACLs on 'cmdb_ci' table or on the child tables whichever you are looking for-

https://instanceName.service-now.com/sys_security_acl_list.do?sysparm_query=nameSTARTSWITHcmdb_ci%5Eoperation%3Dwrite&sysparm_view=

OOB there are multiple roles which give write access which includes itil, itil_admin, cmdb_ot_editor etc but this should purely be dependent on your requirements.  

 

If the answer has helped you, please mark the answer correct/helpful. Thank you.

-Harneet

dick1
Tera Expert
In response to Harneet1

‎03-04-2022 06:31 AM

still In my opinion strange that the itil role and asset role are the only roles to edit cmdb. as you might want to split the the managing of tasks and the update of ci's

looking at all roles as mentioned above there is an oob role

sn_cmdb_editor with the description CRUD rights on cmdb records but it doesn't so what's the idea behind this oob role as it can't edit cmdb??

 

0 Helpfuls