The Zurich release has arrived! Interested in new features and functionalities? Click here for more

Asset role

Miszel
Giga Contributor

‎02-25-2022 09:05 AM

Hi, I have a question regarding asset role in SN San Diego. In docs there is an information that this role allows: manage hardware and software assets. Is manage means: create, read, update and delete?
Or is there, for assets, any specific role that allows only for: create and update but not delete?

Thanks in advance.
MR

  • 3,876 Views
5 REPLIES 5

Dan H
Tera Guru

‎02-25-2022 10:45 AM

Hi @Miszel 

I tested this on my PDI

I created a new User and only assigned them the 'Asset' role.

I can verify that I am able to create, read, update and delete assets. I don't know of a OOTB role that can do all but delete on assets.

You can look into ACL's to create new restraints to specific operations on specific modules.

https://docs.servicenow.com/bundle/sandiego-platform-administration/page/administer/contextual-security/task/t_CreateAnACLRule.html

Please mark answer as helpful/correct based on impact

Miszel
Giga Contributor
In response to Dan H

‎02-26-2022 03:52 AM

Hi @Dan H 

Thanks a lot for your reply. Appreciate it.

 

BR
Miszel

0 Helpfuls

Scott Halverso1
Mega Guru
Mega Guru

‎02-25-2022 04:42 PM

There isn't very fine grain controls on the roles as it relates to assets.  As you noted, users with the role can read, create, update and delete.

Common delete use cases that come up are: 

1. Asset manager needs to delete the asset only, not the CI, due to models not being set up correctly (e.g. often times asset managers don't want virtual machines in the asset repo).

2. Other use cases are entering software entitlements incorrectly or duplicating software entitlements and need to get them out of the system so the reconcilation engine doesn't take them into consideration. 

3. Other uses cases include software allocations by user or by device.  When that user or device no longer is consuming a license, there is no active flag, the record must be deleted from the system.

Long story short, work through some of the day to day uses cases before designing a solution.  In complex orgs we frequently isolate delete functionality up to corporate asset managers/national asset managers.  We also frequently create a custom read only role.

 

  

Miszel
Giga Contributor
In response to Scott Halverso1

‎02-26-2022 03:53 AM

Hi @Scott Halverson 

Thanks a lot for your reply. Appreciate it.

 

BR
Miszel

0 Helpfuls