ITIL Admin Role/Permissions

Go to solution
jmoore
Mega Expert

‎07-14-2017 07:22 PM

Hi,

We'd like our users with the ITIL Admin role to be able to perform the following actions. Are these generally functions that users with the itil_admin role should be able to perform, or are they seen as more admin roles/functionality? Is there a way update the role or do I need to create ACLs?

1) Add types to groups. Currently, they are unable to read the sys_user_group_type table.

find_real_file.png

2) Edit group relationships. The edit button is not displayed.

find_real_file.png

3) Drill into the details of report based on the Problem Metric table

find_real_file.png

Thanks!
Jessica

Preview file
14 KB
Preview file
54 KB
Preview file
63 KB
0 Helpfuls
  • 4,787 Views
1 ACCEPTED SOLUTION

Go to solution
Jaspal Singh
Mega Patron
Mega Patron

‎07-14-2017 11:27 PM

Hi Jessica,



It all depends on the business requirements of the company.



Mostly they are restricted to only Admins but if there are cases wherein other Users should also be able to do those stuffs it can be managed by creating roles & updating existing ACLs on those tables that are currently applicable only to admins.



Kindly find my comments in red.



1) Add types to groups. Currently, they are unable to read the sys_user_group_type table.


There is an ACL for this table that has Admin overrides & hence works only for Admins. You can add necessary role (itil_admin) so as to make it work for them as well.



2) Edit group relationships. The edit button is not displayed.


Are you referring this to CI relationship & group association to that. If yes, we have ACLs on cmdb_rel_ci table for read & write access which is limited to Admins OOB. You can modify those ACLs by adding itil_admin role & would work well then.



3) Drill into the details of report based on the Problem Metric table


For this you need to create a read ACL on the Problem Metric table & add itil_admin role for it to work.



Thanks,


Jaspal Singh



Hit Like or Correct on the impact of response.


View solution in original post

0 Helpfuls
2 REPLIES 2

Go to solution
Jaspal Singh
Mega Patron
Mega Patron

‎07-14-2017 11:27 PM

Hi Jessica,



It all depends on the business requirements of the company.



Mostly they are restricted to only Admins but if there are cases wherein other Users should also be able to do those stuffs it can be managed by creating roles & updating existing ACLs on those tables that are currently applicable only to admins.



Kindly find my comments in red.



1) Add types to groups. Currently, they are unable to read the sys_user_group_type table.


There is an ACL for this table that has Admin overrides & hence works only for Admins. You can add necessary role (itil_admin) so as to make it work for them as well.



2) Edit group relationships. The edit button is not displayed.


Are you referring this to CI relationship & group association to that. If yes, we have ACLs on cmdb_rel_ci table for read & write access which is limited to Admins OOB. You can modify those ACLs by adding itil_admin role & would work well then.



3) Drill into the details of report based on the Problem Metric table


For this you need to create a read ACL on the Problem Metric table & add itil_admin role for it to work.



Thanks,


Jaspal Singh



Hit Like or Correct on the impact of response.


0 Helpfuls

Go to solution
antin_s
ServiceNow Employee
ServiceNow Employee

‎07-14-2017 11:27 PM

Hi Jessica,



Yes, ACLs and Display Business Rules are the way to get access. Please add required ACLs or modify existing ACLs of those 3 tables. That should be enough.



But please keep in mind that some of these (especially group/role) related are admin functionalities and may not be itil functionalities.



Hope this helps. Mark the answer as correct/helpful based on impact.



Thanks


Antin