Restrict the user to view other tables except alm_license.
a month ago
Restrict the user to view other tables except alm_license, in this scenario we can create a custom role.
a month ago
Hi RifqaF,
For this scenario you have to create a custom role. We also have a few OOB roles like sam_viewer, asset, or itil, which come with a web of inherited roles and baseline ACLs.
Modifying baseline ACLs to strip away access for OOB roles is a bad idea, as it will disrupt standard platform functionality and complicate your future upgrade paths.
So, create a new custom role (e.g., alm_license_viewer) to maintain a clean governance structure, and create a read ACL, or follow these steps:
1. Create the Custom Role
Navigate to User Administration > Roles and create your new role.
2. Create Read ACLs
Create a Table-level Read ACL: Select the alm_license table, leave the field dropdown as --None--, and add your new custom role to the "Requires role" related list.
Create a Field-level Read ACL: Create a second Read ACL for the alm_license table, select * from the field dropdown, and assign the same custom role.
3. Restrict the User's Other Access
Assign the new alm_license_viewer role to the user (or ideally, their group).
Note: Ensure the user does not possess broader roles like itil, asset, or sam_viewer.
Because ServiceNow operates on a default-deny architecture, removing those broader baseline roles and leaving them with only your new custom role ensures they are strictly isolated to viewing the alm_license table.
Please mark this response as helpful if it resolved your query!
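A way to check the role isolation described in step 3 of the answer above, as an added example that is not part of the original post and is not ServiceNow code. It assumes a simplified model (table-level read ACLs with role requirements only, default deny); the ACL rows, the `example_team_role` containment, and the function names are constructed for illustration.

```javascript
// Constructed sample data (not exported from a real instance).
// Assumption: table-level read ACLs only, role requirements only (no
// conditions, scripts, field-level rules or table inheritance), default deny.
const READ_ACLS = [
  { table: "alm_license", roles: ["alm_license_viewer"] },
  { table: "alm_license", roles: ["sam_viewer"] },
  { table: "alm_asset", roles: ["asset"] },
  { table: "incident", roles: ["itil"] },
];
// Hypothetical containment: a role also grants the roles it contains.
const ROLE_CONTAINS = { example_team_role: ["sam_viewer", "itil"] };

// Expand a user's directly assigned roles to include all contained roles.
function effectiveRoles(assigned) {
  const seen = new Set();
  const stack = [...assigned];
  while (stack.length) {
    const role = stack.pop();
    if (seen.has(role)) continue;
    seen.add(role);
    stack.push(...(ROLE_CONTAINS[role] || []));
  }
  return seen;
}

// Map each readable table to the roles that grant it. A table with no
// passing rule is absent from the result (default deny).
function readableTables(assigned) {
  const roles = effectiveRoles(assigned);
  const granted = new Map();
  for (const acl of READ_ACLS) {
    const hits = acl.roles.filter((r) => roles.has(r));
    if (!hits.length) continue;
    granted.set(acl.table, [...(granted.get(acl.table) || []), ...hits]);
  }
  return granted;
}

// List tables readable beyond the allowed set, with the granting roles.
function excessAccess(assigned, allowed = ["alm_license"]) {
  return [...readableTables(assigned)]
    .filter(([table]) => !allowed.includes(table))
    .map(([table, roles]) => ({ table, roles }));
}

console.log(excessAccess(["alm_license_viewer"]));
console.log(excessAccess(["alm_license_viewer", "example_team_role"]));
```

The second call reports `incident` as readable through `itil`, which the user never had assigned directly: it arrived through the containing role.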
a month ago
Hi @Yogesh11bhatt, thank you for your response. I have tried this solution, but there are other existing OOB ACLs; due to that, I am unable to see the records in the table with this role.
a month ago
Hi @RifqaF
Try this,
1. Create a custom role
- Navigate to User Administration > Roles.
- Click New.
- Enter a Name (e.g. x_snc_license_view).
- Enter a Description.
- Click Submit.
2. Configure Table-Level Read ACL (elevate your role to security_admin)
- Navigate to System Security > Access Control (ACL).
- Click New.
- Fill in the following fields:
  - Type: record
  - Operation: read
  - Name: Select alm_license from the dropdown list.
- In the Requires role related list, click Edit and add your new custom role (e.g., x_snc_license_view).
3. Assign the Role to Users
- Navigate to User Administration > Users and select the target user.
- Scroll to the Roles related list and click Edit.
- Search for your custom role (x_snc_license_view), add it to the user's profile, and click Save.
Regards
Tanushree Maiti
ServiceNow Technical Architect
LinkedIn: https://www.linkedin.com/in/tanushreemaiti
a month ago
Hi @RifqaF, to check access I would recommend the following OOTB ServiceNow tool for checking and troubleshooting. Thanks to @Tanushree Maiti and @Yogesh11bhatt for the detailed answers on how to create the additional group and ACL.
Getting started with Access Analyzer