
01-16-2018 08:06 AM
Hello,
Our organization uses Assignment Lookup tables to keep track of how CIs route to different support groups and what level of support they are currently with. We were interested in using the Data Certification tasks to ask our process owners to verify the data in these tables on a regular basis. Is it possible to use the data certification on non-cmdb tables?
Thanks,
Gunner
01-18-2018 04:22 AM
Yes, it is possible; you could theoretically use any table. We use Data Certification to validate ServiceNow groups and roles which we regard as having elevated privileges; the owners get sent a list of members of each group and they pass (keep access) or fail (remove access) them. You set it up in the same way but select the table you want - we use Group Member (sys_user_grmember) and we use the schedule function to send this out every 6 months.
08-29-2024 02:19 PM
Now that DC is moving to CMDB Workspace, is it still available to all tables, not just extensions of cmdb_ci? I'm seeing conflicting reports.
05-04-2019 07:16 AM
Hi Phil,
This is exactly what I want to do. I want to use sys_user_grmember to have the group manager listed on the group to certify if the group member is still active or should be removed.
I'm going to work on this today. Ping me, if I might ask some questions or just to compare methods with yours. Sounds like you've been running this certification for a while so you might be able to share your experience.
Jeff
05-06-2019 08:13 AM
Happy to help if I can...
05-06-2019 10:45 AM
Great. Thanks.
My boss wants to generate cert tasks to have the manager of the group validate if the current members are still active, need removed or someone needs added.
I was thinking he should use the sys_user_grmember table so there would be a line item for each member to pass or fail. He was going to use the sys_user_group but that would be hard to just pass or fail. If they fail at the group level they would have to explain in work notes why and which users need added or removed.
You are using sys_user_grmember for your cert tasks; what field exactly on that table do you display for the task assignee to validate? Did you add a custom field to that table? Or do they just pass or fail the user's name and provide a comment? What if the group manager wants to add a user, how do they communicate that for a group?
Once the pass/fail are made, I assume you don't have the task assignee make the actual updates to groups, so does someone else run a report on what failed, and then they make the changes based off that list of fails? Or do you then create another task for an admin to do the remediations?
Not sure which approach to take as there are several ways to do it.
05-14-2019 06:15 AM
Hi again.
Yes, we run this off the sys_user_grmember table. The display field is Group as it is members of the group(s) we are certifying. The Certification field is User.
The Assignment type is User Field and the Assign To value is Group Manager. This assumes that each group has a Group Manager assigned. If not, the tasks get sent to a named individual using the Assign to empty value. Here's a screenshot of an example.
The Group Manager receives a task that contains one line for each individual in that group. So if the group has 5 members they get 5 entries. If they have 2 groups each with 5 members then they get 10 entries.
The way we work it, if they want the person to continue to be a member of the group then they pass the certification and no further action is required. If they want the individual to be removed then they fail that entry on the certification and we (ServiceNow Admins) review the audit log to identify who should be removed. We're working on automating that but need to be careful as we need to ensure the certifier really means that removal to happen.
Here's the output of the Audit log, the Failed entry needs our action to remove the individual from the group.
If someone wants a user added to a group then that's not a certification task, that's done through a catalogue item request. That's also because only Admins have access to add users to groups.
By the way, we do other certification where the users can modify entries, they make the change then certify the entry as correct. That's better than them having to make the updates separately.
Hope that helps a bit. You are right, there may be various ways to do this and the real gap is that ServiceNow haven't really defined the full end to end process in their own documentation.
Phil
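
The triage step described in the post above (passed entries need no action, failed entries go to admins for removal, and automation must be sure the certifier meant it) can be sketched as follows. This is an added example, not code from the thread or from ServiceNow: the record shapes, field names and sample users are constructed, and the rules that only a fail recorded by the group's own manager is queued for removal and that self-certification goes to review are assumptions.

```javascript
// Added example: field names below are hypothetical, not ServiceNow's schema.
// Constructed sample data: groups with their managers (null = no manager set).
const groups = {
  'Security Admins': { manager: 'alice' },
  'Role Delegators': { manager: null },
};
// Constructed current membership, one row per group/user pair.
const memberships = [
  { group: 'Security Admins', user: 'bob' },
  { group: 'Security Admins', user: 'carol' },
  { group: 'Security Admins', user: 'alice' },
  { group: 'Role Delegators', user: 'dave' },
];
// Constructed certification results, one row per certified member.
const results = [
  { group: 'Security Admins', user: 'bob', state: 'failed', certifier: 'alice' },
  { group: 'Security Admins', user: 'carol', state: 'passed', certifier: 'alice' },
  { group: 'Security Admins', user: 'alice', state: 'passed', certifier: 'alice' },
  { group: 'Security Admins', user: 'erin', state: 'failed', certifier: 'alice' },
  { group: 'Role Delegators', user: 'dave', state: 'failed', certifier: 'fallback.owner' },
];

// Sort each certification result into remove / keep / review / stale.
function planRemediation(groups, memberships, results) {
  const isMember = new Set(memberships.map(m => `${m.group}|${m.user}`));
  const plan = { remove: [], review: [], keep: [], stale: [] };
  for (const r of results) {
    const key = `${r.group}|${r.user}`;
    const manager = groups[r.group] ? groups[r.group].manager : null;
    if (!isMember.has(key)) {
      plan.stale.push(key);   // membership already gone, nothing to remove
    } else if (r.certifier === r.user) {
      plan.review.push(key);  // self-certification needs a second reviewer
    } else if (r.state === 'passed') {
      plan.keep.push(key);    // passed: no further action
    } else if (r.state === 'failed' && manager && r.certifier === manager) {
      plan.remove.push(key);  // fail recorded by the group's own manager
    } else {
      plan.review.push(key);  // fallback assignee or unanswered entry
    }
  }
  return plan;
}

console.log(planRemediation(groups, memberships, results));
```

Entries in `review` are the ones an admin should confirm with the certifier before any membership change is made.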