External Access for Security Incident Response Tasks

rcarmack1 · ‎02-28-2020

When we stood up the Security Incident Response module, our request was that non-SOC members could not see the SIR, but could only be assigned SITs. Based on this, the appropriate groups were given the "response_task" Type and can be assigned tasks. However, we are having issues with these groups being able to see what is assigned to them. At this point, no one can see any tasks unless they get assigned to that person specifically.

Currently, no groups have the role "sn_si.external", which I've been taking a look at. This seems to give users visibility under "My Work" when they are assigned something specifically, but unassigned tasks cannot be seen under "My Groups Work", which is what we are trying to accomplish.

andy_ojha · ‎03-02-2020

Hey there,

You are on the right track. It sounds like we've adjusted the table level write ACL for (sn_si_task) so far.

Check out the additional field level write ACL entries on (sn_si_task); many of them point to the "assigned_to" person as well.

Some of field level ACLs point to fields that you may want external users to edit, and some of these you may not want external users to edit.

You can disable and re-create the appropriate write field level ACLs for (sn_si_task); that should get you a win. (For example, you may not want those users to be able to write to the short_description, priority or cmdb_ci field, etc)...

View solution in original post

andy_ojha · ‎01-05-2022

Hey All -- Wow, this issue an "oldie but goodie"!

@Fredrik Standahl - thanks for updating this thread with the responses you've got to move this forward, and including the newer piece to the puzzle, that extra business rule "initially assign to self".

If folks have a few minutes, perhaps to you add an upvote and a comment on this Community Idea and we can try again to get this addressed in the base product:

https://community.servicenow.com/community?id=view_idea&sysparm_idea_id=46086b66dbf48910e2adc2230596192e&sysparm_idea_table=x_snc_com_ideation_idea&sysparm_module_id=enhancement_requests

Mihir1 · ‎01-06-2022

Thanks a lot @Fredrik Standahl. Truly appreciate your helpful and highly descriptive solution.

andy_ojha · ‎01-05-2022

Hey All -- Wow, this issue an "oldie but goodie"!

@Fredrik Standahl - thanks for updating this thread with the responses you've got to move this forward, and including the newer piece to the puzzle, that extra business rule "initially assign to self".

If folks have a few minutes, perhaps to you add an upvote and a comment on this Community Idea and we can try again to get this addressed in the base product:

https://community.servicenow.com/community?id=view_idea&sysparm_idea_id=46086b66dbf48910e2adc2230596192e&sysparm_idea_table=x_snc_com_ideation_idea&sysparm_module_id=enhancement_requests

Fredrik Standah · ‎01-05-2022

Thanks for creating the enchancement request, seems they are pushing heavy for us to create and vote on ideas. The problem for us is that SecOps is not widely used, so we're never going to get enough votes to make a proper change through the idea portal 😕

Fredrik Standah · ‎01-05-2022

Didn't realize you are part of SNOW! Would be great if you could show the higher ups the issue with the design when combining response tasks and teams outside SecOps.

We've tried escalating this a couple of times. No idea if it has, but works great for us now with the fixes that's been provided.