External Access for Security Incident Response Tasks

rcarmack1
Kilo Guru

When we stood up the Security Incident Response module, our request was that non-SOC members could not see the SIR, but could only be assigned SITs.  Based on this, the appropriate groups were given the "response_task" Type and can be assigned tasks.  However, we are having issues with these groups being able to see what is assigned to them.  At this point, no one can see any tasks unless they get assigned to that person specifically.  

Currently, no groups have the role "sn_si.external", which I've been taking a look at.  This seems to give users visibility under "My Work" when they are assigned something specifically, but unassigned tasks cannot be seen under "My Groups Work", which is what we are trying to accomplish. 

1 ACCEPTED SOLUTION

andy_ojha
ServiceNow Employee

Hey there,

You are on the right track.  It sounds like we've adjusted the table level write ACL for (sn_si_task) so far.

Check out the additional field level write ACL entries on (sn_si_task); many of them point to the "assigned_to" person as well.

Some of the field level ACLs point to fields that you may want external users to edit, and some of these you may not want external users to edit.

You can disable and re-create the appropriate write field level ACLs for (sn_si_task); that should get you a win.  (For example, you may not want those users to be able to write to the short_description, priority or cmdb_ci fields, etc.)


21 REPLIES

Lord Omicron
Giga Expert

The groups also need to have sn_si.external role in order to be able to see the tasks. 

I mention this in the second paragraph - it only allows them to see SITs assigned to them, but not unassigned ones that are assigned to their group. I need them to see what is assigned to their group.

rcarmack1
Kilo Guru

Based on what I've seen, I think what I need to do is to allow the "My Groups Work" to access SITs assigned to a group but not yet assigned to an individual user.  Any ideas on how to achieve that?  

Ref: https://community.servicenow.com/community?id=community_question&sys_id=d81b06f9db737bc86064eeb5ca96...

SanjivMeher
Kilo Patron

I would look at the ACL on sn_si_task. The OOB read and write ACL only allows assigned to.

I would add another condition, isMemberOf, to check if the user is a member of that group, to allow read and write to that table.

 



Please mark this response as correct or helpful if it assisted you with your question.
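
The group-membership condition suggested above, combined with the field-level write restriction from the accepted solution, sketched as an added example (not code from the thread or from ServiceNow). The `gs` and `current` objects are constructed stand-ins so the logic runs outside the platform; the writable-field allowlist, group names and sys_ids are assumptions.

```javascript
// Fields an external assignee may edit. This allowlist is an assumption for
// illustration; everything not listed stays read-only for them.
const EXTERNAL_WRITABLE_FIELDS = new Set(['state', 'work_notes', 'assigned_to']);

// Constructed stand-in for the platform's `gs` (GlideSystem) object, exposing
// only the three calls used below.
function makeGs(user) {
  return {
    getUserID: () => user.sys_id,
    hasRole: (role) => user.roles.includes(role),
    getUser: () => ({ isMemberOf: (group) => user.groups.includes(group) }),
  };
}

// Row-level decision for sn_si_task. Inside a real ACL script the result
// would be assigned to `answer`.
function canAccessTask(gs, current) {
  if (!gs.hasRole('sn_si.external')) return false;
  if (current.assigned_to && current.assigned_to === gs.getUserID()) return true;
  // Group path: task routed to a group but not yet picked up by a person.
  return Boolean(current.assignment_group) &&
    gs.getUser().isMemberOf(current.assignment_group);
}

// Field-level write decision: row access plus the allowlist.
function canWriteField(gs, current, field) {
  return canAccessTask(gs, current) && EXTERNAL_WRITABLE_FIELDS.has(field);
}

// Constructed sample users and tasks (sys_ids and group ids are placeholders).
const netopsMember = makeGs({ sys_id: 'u1', roles: ['sn_si.external'], groups: ['g-netops'] });
const otherGroup = makeGs({ sys_id: 'u2', roles: ['sn_si.external'], groups: ['g-desktop'] });
const noRole = makeGs({ sys_id: 'u3', roles: [], groups: ['g-netops'] });
const unassigned = { assigned_to: '', assignment_group: 'g-netops' };
const orphan = { assigned_to: '', assignment_group: '' };

console.log('group member sees unassigned task:', canAccessTask(netopsMember, unassigned));
console.log('other group sees it:', canAccessTask(otherGroup, unassigned));
console.log('member can write priority:', canWriteField(netopsMember, unassigned, 'priority'));
```

The empty-value guards matter: without them, a task with no assignee and no group could match a user record whose ID or group lookup also comes back empty.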