How can I allow users without the ITIL role to view and edit Catalog Tasks, and can I do it all from the Service Portal

Mclane
Giga Contributor

Hello All,

I have an interesting requirement where I need to allow users who do not have the ITIL role to close out catalog tasks, and they need to be able to do it from the Service Portal. I'm not sure what the best way to achieve this would be. Currently, I have set up on our Service Portal page a Simple List widget called My Catalog Tasks. It pulls directly on the sc_task table and filters dynamically for the user logged in to show their tasks. This works great as long as the logged in user has the itil role.

If they have no role at all, they don't see the Simple List widget at all, and if they search for 'task' or 'catalog task' they get no search results. I found that the module for Catalog Tasks should give access to those with the 'catalog' role, so I tested this and got a strange result. The user with this role cannot see the Simple List widget from the Service Portal either, but when they search for catalog tasks they get this: [image: find_real_file.png]

From what I'm seeing here it looks like a security issue, so I started looking into ACLs on the sc_task table. There was already a rule existing that allowed the role to read records from the table, so I tried adding the role to the write rule on the table, but unfortunately I get the same result. I think the issue is still ACL related but I'm not sure.

Overall what I'm looking for is to be able to assign someone to a group that has the catalog role. They inherit that role and can then go to the service portal, pull up a SCTASK record, set the state to Closed Complete, and then save the record. Any help would be much appreciated!

1 ACCEPTED SOLUTION

Mark Stanger
Giga Sage

Check out the 'sc_task.*' read ACL and add your role there.  It's restricted to 'itil' by default.  There may also be several field-specific ACLs on the 'task' table that you'll need to adjust.  You would do this (if needed) by creating a field-level ACL on the 'sc_task' table to override what's being set at the 'task' table level.

Works great now! Thanks again, Mark!
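
A simplified model of the lookup order behind the accepted answer, added here as an illustration and not code from the thread or from ServiceNow: the most specific field rule found decides, so a rule on sc_task is reached before the one on task. The rule records, including the `task.state` write rule, are constructed assumptions, and ACL conditions, scripts and the separate table-level check are left out.

```javascript
// Simplified model of field-level ACL lookup on an extended table.
// All rule records below are constructed sample data, not an instance export.
const PARENT = { sc_task: 'task' };              // sc_task extends task

const defaults = [
  { name: 'sc_task.*',  op: 'read',  roles: ['itil'] },  // default per the answer
  { name: 'task.state', op: 'write', roles: ['itil'] },  // hypothetical parent field rule
];

// Names checked for table.field, most specific first.
function candidates(table, field) {
  const chain = [];
  for (let t = table; t; t = PARENT[t]) chain.push(t);
  return [
    ...chain.map(t => `${t}.${field}`),          // sc_task.state, then task.state
    `*.${field}`,
    ...chain.map(t => `${t}.*`),                 // sc_task.*, then task.*
    '*.*',
  ];
}

// The first level that has any rule for the operation decides the outcome.
function fieldAccess(rules, table, field, op, userRoles) {
  for (const name of candidates(table, field)) {
    const matched = rules.filter(r => r.name === name && r.op === op);
    if (matched.length === 0) continue;          // no rule here, try the next level
    const allowed = matched.some(r => r.roles.some(x => userRoles.includes(x)));
    return { decidedBy: name, allowed };
  }
  return { decidedBy: null, allowed: null };     // no field rule: table-level rule decides
}

// The change from the answer: add the role to sc_task.* read, and override the
// parent field rule with a more specific sc_task.state write rule.
const adjusted = defaults
  .map(r => (r.name === 'sc_task.*' ? { ...r, roles: [...r.roles, 'catalog'] } : r))
  .concat({ name: 'sc_task.state', op: 'write', roles: ['itil', 'catalog'] });

const user = ['catalog'];
for (const [label, rules] of [['default', defaults], ['adjusted', adjusted]]) {
  for (const op of ['read', 'write']) {
    console.log(label, op, JSON.stringify(fieldAccess(rules, 'sc_task', 'state', op, user)));
  }
}
```

Running the same check with the role list of a user who should not gain access shows whether the widened rule grants more than intended.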

shruti_tyagi
ServiceNow Employee

Hi,

You may also need to play around with service catalog properties:

glide.sc.can_search

List of roles (comma-separated) that can search the Service Catalog. Blank means all users.

glide.sc.category.canview.override

List of roles (comma-separated) that override entitlements so that they can view any category within the Service Catalog.
  • Default value: admin and catalog_admin

glide.sc.req_for.roles

List of roles (comma-separated) that can view the "Requested for" widget in the Service Catalog. Blank means all users. Controls access to the Requested For widget on the catalog homepage. Users with access to this widget can request items for another person. Users without access can place orders in their own name only.

 

Here is the doc about other properties:

https://docs.servicenow.com/bundle/helsinki-it-service-management/page/product/service-catalog-management/reference/r_ServiceCatalogProperties.html

 

Thanks

Shruti

AishwaryaS
Tera Contributor

If you want to do this from the Employee portal, a user with the snc_internal role is able to view his/her tasks in the banner header of the Employee portal.

You just need to edit the todoPageUtils script include.

In that script include, just add the code: gs.getUser().hasRole('snc_internal')

// here added snc_internal role so users can view their tasks in the portal list
if (!(gs.getUser().hasRole('approver_user') || gs.getUser().hasRole('business_stakeholder') || gs.getUser().hasRole('snc_internal')))

After adding gs.getUser().hasRole('snc_internal'), a user with the snc_internal role is able to view his/her tasks.