ACL Assessment security admin role

Selben · ‎03-16-2022

We received the Article indicating we need to run an ACL assessment scan. We did this in non-production instances, found a few reports that had issues and were able to remedy them.

The instructions in the article then instruct you to run in all instances, including production (After testing in non-production of course).. The trouble is, in order to even access the assessment you need to have the security admin role... Which you cannot have in the Production instance... Or are we suppose to just clone, run, make fixes, and never run the scan directly in Production?..

Suggestions, what did others do?

In reference to [KB0958442] https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0958442#mcetoc_1fqt1vied3v

Maik Skoddow · ‎03-16-2022

Hi

you say, "you need to have the security admin role... Which you cannot have in the Production instance" but this is not true. You can have the security_admin role even on a PROD instance.

Kind regards
Maik

View solution in original post

Maik Skoddow · ‎03-16-2022

Hi

you say, "you need to have the security admin role... Which you cannot have in the Production instance" but this is not true. You can have the security_admin role even on a PROD instance.

Kind regards
Maik

Shawn11 · ‎03-17-2022

By default the "System Administrator" account has these privileges.

Gail · ‎04-04-2022

In my development I had to Elevate my roles to Security_Admin before I could even see the "ACL assessment for reports" program. A system admin should be able to Elevate in production but If your company does not allow you do so, try using a local update set in Dev and making your changes there and promoting the update set to production after the new ACL's are active. I did not try that, as yet, but it should work.