Restrict read access to RITM variable content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-20-2024 02:19 AM
Hi, I have a requirement to restrict read access to one catalog item's variable contents. The catalog item needs to remain open for all users to write/complete & submit.
Once logged/completed, we need the variable contents to be only visible to one specific itil group.
So far, using business rules to accomplish this has resulted in the catalog item variables disappearing for users who need to log the REQ, so not a suitable result. I believe the way to go is to use ACLs, however attempting to use ACLs has so far not worked for me, I've found the variables/variable contents aren't restricted.
Do I need to find the 'parent' AC that overall allows read access to all RITM variables, and amend it to exclude this one catalog item, or does my Access Control need some work/scripting?
The ACL I attempted:
Condition 1 - Item is '********'
Security Attribute Condition - Group is '**********'
I also tried:
Condition 1 - Item is '********'
Security Attribute Condition - Group Explicit is '**********'
- Labels:
-
Service Catalog
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-20-2024 02:49 AM
why not have display BR on RITM table and check the group membership and then use onLoad client script to hide that variable?
If my response helped please mark it correct and close the thread so that it benefits future readers.
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-20-2024 05:11 AM
Hi @RhianClarke,
If you're looking to allow Write Access to a specific Variable, you can set those accesses on the Catalog Item. My suggestion would be to create a Role specifically for this purpose, add the Role to the Group(s) who will need to have Write access to the Variable(s) and then associate the new Role to the Variable directly on the Catalog Item.
Hope this helps!
Josh Pirozzi
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-28-2024 12:46 AM
Thanks Ankur & Josh, in the end I resolved this with a new role and then used an on load script in Catalog Client Script to restrict the variables I needed to in the back-end, selecting 'Applies on Requested Items' and 'Applies on Catalog Tasks'
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-17-2024 04:02 AM
Hi Rhian,
We are migrating from BMC to Servicenow and completelynew to this space.
We are now have the same requriement. can u share the solution u implemented please.
Thanks in advance.
