Role for "Request Exception" on Vulnerable item?

kris29
Tera Contributor

Hi,

 

What kind of roles do I need to see on the "Request Exception" button for vulnerable items?

According to docs I created a user with sn_vul.remediation_owner role, but I cannot see VI and "Request Exception" button in form view.

 

1 ACCEPTED SOLUTION

Fatih Karacaer
ServiceNow Employee
ServiceNow Employee

Hi Kris,

The condition for the "Request Exception" button is below:

find_real_file.png

All statements between && are conditions to be return true so that the button is visible.

1. canDefer basically looks at the state of the VIT and if the VIT is in a state in which deferring is possible.

find_real_file.png

VIT should be in one of the states above.

2. checkAccess:

find_real_file.png

Above checks if the user has any of the sn_vul_write_all and sn_vul.app_write_all roles. Or if the VIT is assign to the user Or if this VIT is a member of a Vulnerability Group which the user is assigned to.

Pretty complicated ha!

Just check if the user who is trying to view the "Request Exception" button satisfies the conditions above.

 

3. getSelectedException checks if you configured the Exception settings in the module "Exception Management Configuration" and selected "Vulnerability Response" as the option. Easy check would be look at the record in the table sn_vul_exception_config and if "Vulnerability Response" is selected.

Hope it helps.

Mark it as helpful if it is!

Fatih.

View solution in original post

1 REPLY 1

Fatih Karacaer
ServiceNow Employee
ServiceNow Employee

Hi Kris,

The condition for the "Request Exception" button is below:

find_real_file.png

All statements between && are conditions to be return true so that the button is visible.

1. canDefer basically looks at the state of the VIT and if the VIT is in a state in which deferring is possible.

find_real_file.png

VIT should be in one of the states above.

2. checkAccess:

find_real_file.png

Above checks if the user has any of the sn_vul_write_all and sn_vul.app_write_all roles. Or if the VIT is assign to the user Or if this VIT is a member of a Vulnerability Group which the user is assigned to.

Pretty complicated ha!

Just check if the user who is trying to view the "Request Exception" button satisfies the conditions above.

 

3. getSelectedException checks if you configured the Exception settings in the module "Exception Management Configuration" and selected "Vulnerability Response" as the option. Easy check would be look at the record in the table sn_vul_exception_config and if "Vulnerability Response" is selected.

Hope it helps.

Mark it as helpful if it is!

Fatih.