User with itil role not to modify CI

Go to solution
Giri6
Tera Expert

‎05-14-2020 07:37 AM

I find any user with itil role is able to modify existing configuraiton items(CI). But I see itil role has nested role cmdb_read only not write. Not sure any other nested rule is giving update access. If I need to take away modifying CIs, what is the way? Appreciate it.

0 Helpfuls
  • 1,926 Views
1 ACCEPTED SOLUTION

Go to solution
Jaspal Singh
Mega Patron
Mega Patron

‎05-14-2020 07:43 AM

Hi Giri,

 

Did you check for ACL of type write on CI (configuration item) table?

View solution in original post

0 Helpfuls
7 REPLIES 7

Go to solution
Jaspal Singh
Mega Patron
Mega Patron
In response to Giri6

‎05-14-2020 08:40 AM

Yes, it will unless at the child table you externally specify it to be overriden.

So its kind of Dictionary override that we normally use. So, if at CI table level if a field is mandatory/read-only for a child table an additional ACL can be in place of write that will allow editing for the child table only.

 

0 Helpfuls

Go to solution
Pradeep Sharma
ServiceNow Employee
ServiceNow Employee
In response to Giri6

‎05-14-2020 08:45 AM

Access controls (ACLs) can seem very intimidating when you are trying to configure your instance security rules. This article is intended to help understanding and eventually mastering the ACLs usage.

https://hi.service-now.com/kb_view.do?sysparm_article=KB0541355

Go to solution
Giri6
Tera Expert
In response to Pradeep Sharma

‎05-14-2020 09:50 AM

This is a good link. It shows the first gate is field level access and the second gate is table-level access.

somehow my class material shows the reverse the evaluation of ACL. First table level and then field level.

 

find_real_file.png

 

Preview file
310 KB
Preview file
310 KB
0 Helpfuls