Simple flow with permissions issues

michaelmeal · 4 weeks ago

Hi, Literally 24 hours experience with SNOW so Im sorry if this is stupid but ive been up all night and day on this.

I have tried using AI agents, I have read documentation, I spent all night last night watching you tube videos on service now and basically clicked on anything that mentioned flows and flow editing but I still am confused!

I have been tasked with a SNOW Dev environment and told that I need to do a few things that I have no idea how to do:

I have SNOW Yokohama version 6, my environment cant run scripts and SNOW wont allow me to edit ACL's or even create them!

I have created a service catalog item for a "new user request". All of the form fields are correct and work but I need two specific fields/variables to be read only to everyone else except the approvers group. There were no issues adding the variables and creating the role assignments on them but when I go to the System Security, Access Control page there is no "new" button for me to create a new ACL. AI showed me a link to create a new ACL but that page wont allow me to edit (ghostbuster style, red circle with a line through it).

From the doco that AI has shown me and what I have read I can't achieve the permissions on the variables without having scripting or being able to use an ACL. BTW I have admin and security_admin roles on the environment and am able to add any role/permission I need to achieve. I have been told that the install and set up is default OOTB and there are no specific security settings that should be stopping me from doing what I need on the system. I need to have this flow working by monday morning when the system goes live!

And once I fix that I need to learn how to push the updates to the prod environment!

PLEASE HELP ME!

Thanks very much for any assistance you can provide, I really appreciate it, Sincerely

Sandeep Rajput · 3 weeks ago

@michaelmeal In orde to Add/Edit ACL in ServiceNow, you need to have security_admin role. If you already have this role then you need to elevate your role before you can add/edit the ACL. Use the following steps to elevate your role to security_admin.

1.

Once your role is elevated, you will be able to Add/Edit the ACLs.

Hope this helps.

View solution in original post

Bhuvan · 3 weeks ago

@michaelmeal

You can refer below article for more details,

https://noderegister.service-now.com/kb?id=kb_article_view&sysparm_article=KB0965712

Go to profile -> Elevate Role -> security_admin -> update

You can see session is in elevated permission with header border color in red and user profile circled in red. You can create/update/delete ACL with elevated role

If you are using system administrator account in PDI, it should have security_admin added already. If you have created a new admin user, go to user record and add security_admin role to the user and you can elevate role with the admin account.

If this helped to answer your query, please mark it helpful & accept the solution.

Thanks,

Bhuvan

View solution in original post

michaelmeal · 3 weeks ago

OK. Issue resolved. The security_admin role appeared to be added as I could edit it and add it to my roles and click on save with no errors. In reality SNOW just disregarded the role addition but didnt give me any indication. Design flaw? I dont know but the more and more i see of this program the more it confuses me....

View solution in original post

michaelmeal · 3 weeks ago

Yes thank you very much, the issue was that I believed I was already added to the Security_admin role (because the UI allowed me to add the roles) but as you stated it was not applied to the account.We decided to go with a different way to implement the policies and the issue is resolved. Thanks very much for all your assistance

Sandeep Rajput · 3 weeks ago

@michaelmeal The screenshot shared by you clearly indicates that you do not have the security admin role.

Please assign the role to yourself using the slush bucket and see if you can find the Elevate role option in the menu.

michaelmeal · 3 weeks ago

OK. Issue resolved. The security_admin role appeared to be added as I could edit it and add it to my roles and click on save with no errors. In reality SNOW just disregarded the role addition but didnt give me any indication. Design flaw? I dont know but the more and more i see of this program the more it confuses me....

michaelmeal · 3 weeks ago

Thanks mate. You both were spot on but i didnt believe it becuase the GUI had told me I could save the role so i considered it a done deal. thanks very much for your assitance!

Bhuvan · 3 weeks ago

@michaelmeal

You can refer below article for more details,

https://noderegister.service-now.com/kb?id=kb_article_view&sysparm_article=KB0965712

Go to profile -> Elevate Role -> security_admin -> update

You can see session is in elevated permission with header border color in red and user profile circled in red. You can create/update/delete ACL with elevated role

If you are using system administrator account in PDI, it should have security_admin added already. If you have created a new admin user, go to user record and add security_admin role to the user and you can elevate role with the admin account.

If this helped to answer your query, please mark it helpful & accept the solution.

Thanks,

Bhuvan