Adding role removes catalog category visibility

James Michaels1 · ‎07-21-2016

If I create a user and give them the ITIL role they are able to open the service catalog and view the categories and items within it. If I add a particular custom role to them they are still able to open the catalog but can no longer see the categories or items. Adding any other custom role doesn't impact their access. My understanding of the way the ACLs work is that once one role gives access adding another can't cause you to fail the ACL so I assume there is something else causing this but I'm not sure what it could be. Any thoughts?

James Michaels1 · ‎11-27-2017

I figured out the solution to this a little while ago. We were forcing a homepage for users with a particular role and apparently if you force a homepage through a BR on the Portal Page table it prevents access to the catalog presumably because the catalog is itself a portal page.

View solution in original post

Chuck Tomasi · ‎07-21-2016

Hi James,

Check the User Criteria. There may be a criteria defined for that category/catalog/or item that denies access to that criteria definition.

See if any items or categories have something listed on the related list "Not available for"

User Criteria - ServiceNow Wiki

James Michaels1 · ‎07-21-2016

That doesn't seem to be the case as none of the categories have user criteria set.

Chuck Tomasi · ‎07-21-2016

Thank you for checking that. I don't see anything related to roles on categories or items in the legacy entitlements.

Scratching head while I think of possible other things to check...

Pradeep Sharma · ‎07-21-2016

Hi James,

Pre Fuji access can be denied based on entitlement script or other options mentioned here.

Legacy:Service Catalog Access Controls - ServiceNow Wiki

For latest release check for User Criteria.

User Criteria - ServiceNow Wiki