How to share report with non-itil user?

Go to solution
SR25
Tera Contributor

‎04-22-2019 11:24 AM

I created a report on the incident table and under share setting selected "everyone". We would like a handful of non-itil users to be able to access this report. In order to accomplish this I created a new roll called CRMReport and added it to the incident read ACL (screenshot below). Added this role to a user account however the user is unable to see all incidents in this report and is only seeing the ones they created. Please advice. 

find_real_file.png

 

Labels:
Preview file
79 KB
0 Helpfuls
  • 4,251 Views
1 ACCEPTED SOLUTION

Go to solution
Allen Andreas
Administrator
Administrator
In response to SR25

‎04-22-2019 01:41 PM

It's not best practice because ServiceNow has this information locked down to ITIL due to way they've designed the licenses. Ultimately, we can strip away that protection and allow others to read, create, delete, write, etc...but it's a gray area for "Read"...some believe that allowing people to Read the data is just as crossing the line as Writing to those fields...in the new Subscription Model per SN released in Madrid...for new SN customer contracts or renewed contracts...even "Read" counts as a license...so technically it's like you're giving them ITIL....slightly...but still ITIL none the less. So SN could audit your instance and charge you for extra ITIL licenses...this can and will vary...but I just wanted to throw that out there and again, you'd want to speak to your SN account executive for the most accurate information.

If those users only need to be able to review reports...you could schedule the report to be emailed to them daily or weekly with the parameters they need...this comes to them in the form of (for example...) .PDF and doesn't require them to login to the instance or consume a license.

https://docs.servicenow.com/bundle/geneva-performance-analytics-and-reporting/page/use/advanced_repo...

Please mark reply as Helpful/Correct. Thanks!


Please consider marking my reply as Helpful and/or Accept Solution, if applicable. Thanks!

View solution in original post

6 REPLIES 6

Go to solution
Allen Andreas
Administrator
Administrator

‎04-22-2019 11:57 AM

Hello,

Is there any condition or script to this at the bottom? Your screenshot only shows the middle/top portion. The users only seeing report that they created is really just the OOB behavior...so there is still an issue here. Please also ensure the user has logged out and logged back in to get the new role fully attached to their session.

Please mark reply as Helpful/Correct, if applicable. Thanks!


Please consider marking my reply as Helpful and/or Accept Solution, if applicable. Thanks!
0 Helpfuls

Go to solution
SR25
Tera Contributor
In response to Allen Andreas

‎04-22-2019 12:41 PM

Hi,

There is no script in the ACL. In addition to the Itil role I want the CRMReport role to be have read access to the incidents table. That's why I have added it to the ACL. The user with CRMreport role is still unable to see all incidents where the category is CRM (added this filter condition in the report). They have logged out and logged bag in again and still see their own incidents. 

0 Helpfuls

Go to solution
Allen Andreas
Administrator
Administrator
In response to SR25

‎04-22-2019 12:46 PM

Hi,

Yes, that's correct. I understand what you're wanting to do. I'm merely addressing the first step, which is the ACL issue. NOW you need to edit the Business Rule: "Incident query" on the Incident table.

Which has a script like this:

restrictIncidents();

	function restrictIncidents() {
    if (!gs.hasRole("itil") && gs.isInteractive()) {
        // PRB1314624: Do NOT restrict Incidents if SPM plugin is active AND user has the service_viewer role.
        if (GlidePluginManager.isActive('com.snc.spm') && gs.hasRole('service_viewer'))
            return;

        var u = gs.getUserID();
        var qc = current.addQuery("caller_id", u).addOrCondition("opened_by", u).addOrCondition("watch_list", "CONTAINS", u);
        gs.print("query restricted to user: " + u);
    }
	}

So you'd need to add a , after "itil in the hasRole line at the top, state your other role and end it with ", save, then it should be good to go.

So like: if (!gs.hasRole("itil,CRMReport") && gs.isInteractive()) {

Side note to all this...this really isn't best practice to do it like this and could lead you being audited by SN. Just throwing that out there. You may want to ultimately consult your SN account executive when you get a moment about this to see what negative impact there could be.

Please mark reply as Helpful/Correct. Thanks!


Please consider marking my reply as Helpful and/or Accept Solution, if applicable. Thanks!
0 Helpfuls

Go to solution
SR25
Tera Contributor
In response to Allen Andreas

‎04-22-2019 01:14 PM

Thanks for your response. I am relatively new to SN and appreciate if you could elaborate on-

1. Why isn't this the best practice?

2. What is a better way for a small subset of users (non-itil) to be able to view reports off of the incident able?

 

0 Helpfuls