Relationships between Subscriptions and Groups and Roles

Go to solution
ajk
Tera Expert

‎01-27-2025 06:23 AM

Hello!

Can anyone help me with this question?

I understand that Subscriptions have groups assigned to them, (subscription groups?), and therefore any members of those groups consume a licence. But, can a user consume a licence just by having a specific role directly assigned to them, (I know, this is against best practice!), if that role is also assigned to a 'subscription group'?

 

For example - in our ITSM Pro subscription, we have many groups assigned to this subscription, and many roles assigned to those groups, including the ITIL role.

 

Therefore any user of the ITIL role where the role was granted by one of these subscription groups, is consuming an ITSM licence - fact.

 

However, if a user was given the ITIL role directly, (bad practice alert!), without being a member of any groups, (i.e. Granted by = (empty)), would they still consume a ITSM licence?

0 Helpfuls
  • 1,437 Views
1 ACCEPTED SOLUTION

Go to solution
Mark Manders
Mega Patron
In response to ajk

‎01-28-2025 03:54 AM

It doesn't really make sense to grant someone responsible for a Knowledge Base the ITIL role, because it gives access that does not belong to that role, but I don't have to explain that, because you already know.

 

Related to what ServiceNow does themselves: they really are a 'do as I say, not as I do' company when it comes to best practices. Did you ever run the instance scan on a new, clean instance? That should tell you enough. 

I do understand why they do it. The user needs that role, because otherwise he can't do his work and there is no OOB Knowledge Manager group. It's also complex logic that if you remove someone from the group, he should also be removed as owner of the KB.

 

As to your configuration, your knowledge managers are consuming an ITIL license at the moment, even though you don't see them on the subscription mgt dashboard.


Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark

View solution in original post

4 REPLIES 4

Go to solution
Mark Manders
Mega Patron

‎01-27-2025 06:36 AM

Keep in mind that Subscription mgt is something you need to configure and maintain yourself. ServiceNow is not doing this for you. So it's not just 'subscription groups' but you should in fact add any group containing any roles that consume a subscription (roles are on one of the related lists to the subscription).

 

One of the reasons to NOT ASSIGN ROLES DIRECTLY, which is, as you already stated, bad practice, (next to maintenance) is that these users aren't counted on your subscription mgt dashboard. But you don't have to worry, because ServiceNow will bill you for them. You don't have to call them about this, they will find every user and every transaction they can bill you for, according to your contract. 

 

So yes, ITIL users that have the role assigned directly may not be on your dashboard, but you will have to pay for them (and it could even cause you to run out of compliance, because you don't know about them, but ServiceNow does sent the bill).


Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark

Go to solution
ajk
Tera Expert

‎01-27-2025 09:02 AM

Thanks for your response @Mark Manders . Our particular issue has arisen because Knowledge Management (out of the box) assigns the knowledge_manager role directly, (no group involved), to anyone designated as either a Manager or Owner of a knowledgebase. Its a bit odd that ServiceNow provide this feature rolled up in the application, when its clearly against best practice to do so.

 

Our problem is that we have the ITIL role embedded within the knowledge_manager role, so anyone granted Owner or Manager of a Knowledgebase is consuming an ITSM licence through the ITIL role, (according to your answer). We understand we should remove the ITIL role from the knowledge_manager role, but I wanted to understand the licencing impact of 'doing nothing' before we acted.

0 Helpfuls

Go to solution
Mark Manders
Mega Patron
In response to ajk

‎01-28-2025 03:54 AM

It doesn't really make sense to grant someone responsible for a Knowledge Base the ITIL role, because it gives access that does not belong to that role, but I don't have to explain that, because you already know.

 

Related to what ServiceNow does themselves: they really are a 'do as I say, not as I do' company when it comes to best practices. Did you ever run the instance scan on a new, clean instance? That should tell you enough. 

I do understand why they do it. The user needs that role, because otherwise he can't do his work and there is no OOB Knowledge Manager group. It's also complex logic that if you remove someone from the group, he should also be removed as owner of the KB.

 

As to your configuration, your knowledge managers are consuming an ITIL license at the moment, even though you don't see them on the subscription mgt dashboard.


Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark

Go to solution
ajk
Tera Expert
In response to Mark Manders

‎01-28-2025 04:36 AM

Thanks again @Mark Manders for your response. I have checked my personal developer instance (Washington) and the out-the-box functionality of auto-assigning the knowledge_manager role directly to the user is there. 

We'll consider our options - but your information has been very helpful. Thanks! 

0 Helpfuls