Simple flow with permissions issues

michaelmeal · 4 weeks ago

Hi, Literally 24 hours experience with SNOW so Im sorry if this is stupid but ive been up all night and day on this.

I have tried using AI agents, I have read documentation, I spent all night last night watching you tube videos on service now and basically clicked on anything that mentioned flows and flow editing but I still am confused!

I have been tasked with a SNOW Dev environment and told that I need to do a few things that I have no idea how to do:

I have SNOW Yokohama version 6, my environment cant run scripts and SNOW wont allow me to edit ACL's or even create them!

I have created a service catalog item for a "new user request". All of the form fields are correct and work but I need two specific fields/variables to be read only to everyone else except the approvers group. There were no issues adding the variables and creating the role assignments on them but when I go to the System Security, Access Control page there is no "new" button for me to create a new ACL. AI showed me a link to create a new ACL but that page wont allow me to edit (ghostbuster style, red circle with a line through it).

From the doco that AI has shown me and what I have read I can't achieve the permissions on the variables without having scripting or being able to use an ACL. BTW I have admin and security_admin roles on the environment and am able to add any role/permission I need to achieve. I have been told that the install and set up is default OOTB and there are no specific security settings that should be stopping me from doing what I need on the system. I need to have this flow working by monday morning when the system goes live!

And once I fix that I need to learn how to push the updates to the prod environment!

PLEASE HELP ME!

Thanks very much for any assistance you can provide, I really appreciate it, Sincerely

Sandeep Rajput · 3 weeks ago

@michaelmeal In orde to Add/Edit ACL in ServiceNow, you need to have security_admin role. If you already have this role then you need to elevate your role before you can add/edit the ACL. Use the following steps to elevate your role to security_admin.

1.

Once your role is elevated, you will be able to Add/Edit the ACLs.

Hope this helps.

View solution in original post

Bhuvan · 3 weeks ago

@michaelmeal

You can refer below article for more details,

https://noderegister.service-now.com/kb?id=kb_article_view&sysparm_article=KB0965712

Go to profile -> Elevate Role -> security_admin -> update

You can see session is in elevated permission with header border color in red and user profile circled in red. You can create/update/delete ACL with elevated role

If you are using system administrator account in PDI, it should have security_admin added already. If you have created a new admin user, go to user record and add security_admin role to the user and you can elevate role with the admin account.

If this helped to answer your query, please mark it helpful & accept the solution.

Thanks,

Bhuvan

View solution in original post

michaelmeal · 3 weeks ago

OK. Issue resolved. The security_admin role appeared to be added as I could edit it and add it to my roles and click on save with no errors. In reality SNOW just disregarded the role addition but didnt give me any indication. Design flaw? I dont know but the more and more i see of this program the more it confuses me....

View solution in original post

Sandeep Rajput · 3 weeks ago

@michaelmeal In orde to Add/Edit ACL in ServiceNow, you need to have security_admin role. If you already have this role then you need to elevate your role before you can add/edit the ACL. Use the following steps to elevate your role to security_admin.

1.

Once your role is elevated, you will be able to Add/Edit the ACLs.

Hope this helps.

michaelmeal · 3 weeks ago

Thanks for your help Sandeep,

I dont have that option in my drop down list :

i have 1000% added the security_admin and already had the admin role assigned. Is there a way to enable that option in the menu?

Below screen shot is the roles added to my account:

now when i go to the ACL page I still cant see the "new" button.

Thanks for any help you can suggest!

Bhuvan · 3 weeks ago

@michaelmeal

Before you can give another user with security_admin role you need to elevate the role to security_admin.

Login as admin -> Elevate role to security_admin -> go to sys_user table and open your user record -> add role security_admin to your user and save the record. Now logout and login again using your ID and you can see elevate role.

If it does not work, clear browser cache and exectute gs.invalidateCache(); from script background to clean cache and try again. You can also try from incognito or InPrivate window of your browser.

If this helped to answer your query, please mark it helpful & accept the solution.

Thanks,

Bhuvan

Bhuvan · 3 weeks ago

@michaelmeal

Did you get a chance to review this and add your User ID with security_admin role ?

If my response helped to answer your query, please mark it helpful & accept the solution.

Thanks,

Bhuvan