Why Regular IT(ITIL) agents are unable to view records of SW Installation(cmdb_sam_sw_install) Table

PoornachandarA · ‎09-12-2024

Regular IT (ITIL) agents are unable to view the **Software Installation** table in ServiceNow. It appears that the current visibility is restricted to users with the **SAM Pro** (sam_user) role. However, regular CMDB or IT agents should have access to see software installed on the devices they manage, especially for network administrators who need to monitor the software installed on their servers. The question is whether the SAM Pro role is the only option to grant this visibility, and if not, what configuration changes or access rights need to be adjusted to allow regular IT agents to access the Software Installation table."

Steps to Reproduce:

1. Log into ServiceNow as a regular ITIL agent (without SAM Pro role).

2. Navigate to the **Software Installation** table.

3. Observe that the table is not visible or accessible to the regular ITIL agent.

4. Log into ServiceNow as a user with the **SAM Pro** (sam_user) role.

5. Navigate to the **Software Installation** table and observe that it is visible and accessible.

6. Compare the access rights between regular ITIL agents and SAM Pro role users.

Daniel Madsen · ‎09-16-2024

After installing the SAM plugin, the data will be populated in the 'cmdb_sam_sw_install' table and not the 'cmdb_software_instance' table, as documented here: Why are the Software Installations for my Server not populated after activating Software Asset Manag...

If you are allowed to do form modifications, you can remove 'Software Installed' and add 'Software Installations' on the Windows and Linux server forms, as suggested by the knowledge article.

View solution in original post

Daniel Madsen · ‎09-12-2024

There is a read ACL on the table. You can modify it and add the itil role. After adding the itil role, the user will have access.

You can find it by entering "cmdb_sam_sw_install.config" in the filter navigator, and navigating to the Access Control tab. Locate the "read" rule:

Modify it as shown in the first screenshot.

spgarg04 · ‎09-12-2024

While Daniel answered you how you can give access to cmdb_sam_sw_install table to ITIL user, but I would like to caution you against it for below reasons

1. Normally, ITIL users are who work on core ITIL modules such as incident, problem, change etc, these are core ITSM functions, whereas the SAM is more of an ITAM function.

2. SW_Install table contains sensitive data, such as how many instances of a particular software are installed in a company, this data can be used by software vendors to measure compliance and audit the company, a non compliance could result into claims and possible lawsuit, therefore this data needs to be prevented from a large population of ITIL users (who could be from one of the software vendor)

3. In many organizations, software asset management is considered more like a procurement + IT function, which involves a lot of financial data, such as cost of software, which is confidential.

Hope this explains your why, if you find my answer useful please accept this as a solution.

if my answer has helped with your question, please mark my answer as accepted solution and give a thumb up.

Best regards

Surya Prakash Garg

Connect me on Linked In

https://www.linkedin.com/in/spgarg/

PoornachandarA · ‎09-16-2024

Hi Team,

Thank you for your prompt response.

We want to provide IT Network Admins and IT Agents with visibility into the software installed on their assigned Linux and Windows servers. However, our customer has requested that we avoid any table customizations or ACL modifications.

We've found another table, 'cmdb_software_instance,' that seems to hold similar data to 'cmdb_sam_sw_install.' This table is already accessible to IT agents and ITIL users.

Our question is: Does 'cmdb_software_instance' always keep up-to-date with software installations on servers, like 'cmdb_sam_sw_install' does?

Daniel Madsen · ‎09-16-2024

After installing the SAM plugin, the data will be populated in the 'cmdb_sam_sw_install' table and not the 'cmdb_software_instance' table, as documented here: Why are the Software Installations for my Server not populated after activating Software Asset Manag...

If you are allowed to do form modifications, you can remove 'Software Installed' and add 'Software Installations' on the Windows and Linux server forms, as suggested by the knowledge article.