External Access for Security Incident Response Tasks

Go to solution
rcarmack1
Kilo Guru

‎02-28-2020 08:57 AM

When we stood up the Security Incident Response module, our request was that non-SOC members could not see the SIR, but could only be assigned SITs.  Based on this, the appropriate groups were given the "response_task" Type and can be assigned tasks.  However, we are having issues with these groups being able to see what is assigned to them.  At this point, no one can see any tasks unless they get assigned to that person specifically.  

Currently, no groups have the role "sn_si.external", which I've been taking a look at.  This seems to give users visibility under "My Work" when they are assigned something specifically, but unassigned tasks cannot be seen under "My Groups Work", which is what we are trying to accomplish. 

Labels:
  • 5,124 Views
1 ACCEPTED SOLUTION

Go to solution
andy_ojha
ServiceNow Employee
ServiceNow Employee
In response to rcarmack1

‎03-02-2020 01:44 PM

Hey there,

You are on the right track.  It sounds like we've adjusted the table level write ACL for (sn_si_task) so far.

Check out the additional field level write ACL entries on (sn_si_task); many of them point to the "assigned_to" person as well.

Some of field level ACLs point to fields that you may want external users to edit, and some of these you may not want external users to edit.   

You can disable and re-create the appropriate write field level ACLs for (sn_si_task); that should get you a win.  (For example, you may not want those users to be able to write to the short_description, priority or cmdb_ci field, etc)...

find_real_file.png

View solution in original post

Preview file
10 KB
Preview file
9 KB
Preview file
10 KB
0 Helpfuls
21 REPLIES 21

Go to solution
Lord Omicron
Giga Expert

‎02-28-2020 10:13 AM

The groups also need to have sn_si.external role in order to be able to see the tasks. 

0 Helpfuls

Go to solution
rcarmack1
Kilo Guru
In response to Lord Omicron

‎02-28-2020 10:24 AM

I mention this in the second paragraph - it only allows them to see SITs assigned to them, but not unassigned ones that are assigned to their group. I need them to see what is assigned to their group.

0 Helpfuls

Go to solution
rcarmack1
Kilo Guru

‎02-28-2020 12:56 PM

Based on what I've seen, I think what I need to do is to allow the "My Groups Work" to access SITs assigned to a group but not yet assigned to an individual user.  Any ideas on how to achieve that?  

Ref: https://community.servicenow.com/community?id=community_question&sys_id=d81b06f9db737bc86064eeb5ca96...

0 Helpfuls

Go to solution
SanjivMeher
Kilo Patron
Kilo Patron

‎02-28-2020 03:22 PM

I would look at the ACL on sn_si_task. The OOB read and write ACL only allows assigned to.

I would add another condition isMemberOf to check, if user is member of that group to allow read and write to that table.

 

find_real_file.png


Please mark this response as correct or helpful if it assisted you with your question.
Preview file
70 KB