Can we limit access/view of incident to group members only?

Gerry Crumbley
Giga Expert

How can I limit access and viewing of incidents to only those assignment groups of which the ITIL user is a member?

We want to stop people in Data Management group from seeing/altering incidents in the Wireless group, etc.

If I am in Assignment Groups: VIP Support; Technical Services; and User Support, then I should only be able to see or have access to incidents in those groups. I should not be able to see incidents in Wireless or Data Management.

Is this possible?


Thanks for the image.



You need to first elevate your role to allow security_admin roles. From your name in the title bar, click the menu and select Elevate Roles.






Next, check the security_admin box and click OK.





Now you will be able to manage your ACLs.


You should elevate your role to security admin first.

prashantatsastr
Giga Expert

Hi Gerry,



Adding to what ctomasi has explained, I am taking it further as you are new to the SN platform.

Please use the ServiceNow wiki link below to create a new ACL on the table.

http://wiki.servicenow.com/index.php?title=Using_Access_Control_Rules#gsc.tab=0

You should get some idea about ACLs from the link.



Please let me know if you need more details/ assistance to create ACL for your scenario.



P.S: Please hit like, helpful or mark correct depending on impact of the response.



Regards,


Prashant


Is this correct?


I don't see where I am supposed to give this new ACL a name . . .





Hi Gerry,

Sorry for the late reply.

A few things here.

1. You will not have to provide a name for any ACLs.

2. The above ACL will not work for the scenario you need. It will provide read access to users with the 'itil' role on the user field of the incident table when the user belongs to any assignment group.

Now let me give you a hint on how to achieve this requirement.

1. Remove the condition which states 'Assignment group' is dynamic and modify it to 'Assignment group' is 'wireless'.

2. Please tick the 'Advanced' check box in the ACL. You should see the script box below.

3. Remove 'user' and select none in the 3rd row (Name field) of the ACL.

4. Write the script below to restrict read access for 'Data Management' assignment group members.



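// ACL scripts report their decision through the answer variable;
// getUser() must be called to obtain the user object.
if (gs.getUser().isMemberOf('Data Management'))
{
    answer = false; // deny read for Data Management members
}
else
{
    answer = true;
}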



P.S: Please hit like, helpful or mark correct depending on impact of the response.


Regards,


Prashant
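The rule the original question asks for (access only when the user belongs to the incident's own assignment group, rather than one hard-coded group pair) can be modelled as follows. This is an added example, not code from the thread or from ServiceNow; `canReadIncident`, `makeUser`, `visibleTo` and the sample incidents are constructed, and the stub user stands in for the object `gs.getUser()` returns on the platform.

```javascript
// Decision logic for an incident read ACL. On the platform the ACL's
// Script field would hold the equivalent one-liner (assumption: the rule
// is defined on the incident table with no hard-coded group condition):
//   answer = gs.getUser().isMemberOf(current.assignment_group);
function canReadIncident(user, current) {
  var group = current.assignment_group;
  // Unassigned incidents are denied here (assumption; decide this per
  // local policy, e.g. allow a triage group to see them instead).
  if (!group) {
    return false;
  }
  return user.isMemberOf(group);
}

// Constructed stand-in for gs.getUser(): only isMemberOf() is modelled.
// The stub compares group names; on the platform the field is a reference.
function makeUser(name, groups) {
  return {
    name: name,
    isMemberOf: function (group) {
      return groups.indexOf(String(group)) !== -1;
    }
  };
}

// Constructed sample records using the group names from the question.
var incidents = [
  { number: 'INC0000001', assignment_group: 'VIP Support' },
  { number: 'INC0000002', assignment_group: 'Wireless' },
  { number: 'INC0000003', assignment_group: 'User Support' },
  { number: 'INC0000004', assignment_group: 'Data Management' },
  { number: 'INC0000005', assignment_group: '' } // not yet assigned
];

// Incident numbers the given user would be allowed to read.
function visibleTo(user) {
  return incidents
    .filter(function (inc) { return canReadIncident(user, inc); })
    .map(function (inc) { return inc.number; });
}

var gerry = makeUser('gerry', ['VIP Support', 'Technical Services', 'User Support']);
var dmUser = makeUser('dm.analyst', ['Data Management']);

console.log(gerry.name, visibleTo(gerry));
console.log(dmUser.name, visibleTo(dmUser));
```

ServiceNow grants access when any ACL matching the same table and operation passes, so a rule like this only restricts visibility once the other incident read ACLs that itil users already satisfy are adjusted as well.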