Thanks Brad. That's a lot of ACLs to create. I would start by going to the dictionary and search for type Collection. I recommend taking out some of the really obscure tables or tables that can get your CIO in (performance) trouble like sys_audit. Once you have a list of tables, you can create ACLs via script to grant read access to the records (and perhaps fields)

Do yourself a favor and create a role, assign it to that person or group and treat it like a real ACL issue rather than a quick hack. Someone is going to come along later and say "me too." You want to make it easy to just add them to a group and be done.

Not impossible, just a bit of work. Let us know if you need additional help.

Chuck,

Would you be able to assist me in doing this?   I have a couple users now who I think this would work for.

Thank you!

Brad

• Create a role.
• Create a group.
• Apply the role to the group.
• Put the users in the group.
• Create the read ACLs on each table that allow that role to read those tables.

User Administration - ServiceNow Wiki

Using Access Control Rules - ServiceNow Wiki

Security Best Practices - ServiceNow Wiki

Contextual Security - ServiceNow Wiki    

This is probably too late to help, but - for future reference - while using the snc_read_only role you can still make it possible for users to create reports.   If you add the properties listed under Section 5 in the wiki article below, you can add the "sys_report" table to an exception list for the snc_read_only permissions override.

ServiceNow Read Only Role - ServiceNow Wiki