Can't remove approvers

John Vo1 · ‎10-04-2016

I have an issue where users are able to add approvers when they select the Edit button. But when they try to remove them from the list it will still show up.

Once they save and go back to the RITM both users that they removed will show back up.

Chuck Tomasi · ‎10-04-2016

If that's the current ACL, I'd recommend using both of those in the roles embedded list for easier maintenance and faster performance (roles are cached, scripts are not.)

View solution in original post

Chuck Tomasi · ‎10-04-2016

It's most likely that they don't have delete access to the sysapproval_approver table - nor would you want them to in most cases.

Check your ACLs carefully to ensure the right people have the right access at the right time (e.g. only change_owners can delete while in the Draft state, for example.) That can all be wrapped up in one ACL.

Docs: Access control rules

Docs: Contextual security

Security Best Practices - ServiceNow Wiki

John Vo1 · ‎10-04-2016

Chuck,

You are correct that I don't want them to have delete access. But I at least want then to remove the the approvers if the wrong approver is in the list.

Thanks,

JOhn

Chuck Tomasi · ‎10-04-2016

Removing an approval requires delete access to remove the record from the table (which removes it from the list.)

John Vo1 · ‎10-04-2016

So I would just need to add their role to the script like this.

answer = gs.hasRole('approval_admin') || gs.hasRole('itil')