Hi @Purushotham1992 ,

To make the CAB Workbench Calendar read-only for all users except members of the sn_change group in ServiceNow, you’ll want to apply a combination of ACLs (Access Control Rules) and UI Policy or Client Script restrictions depending on how the calendar is rendered. Here's a structured approach:

Step 1: Restrict Write Access via ACL

Create an ACL on the relevant table or UI page that powers the CAB calendar (likely cab_workbench_calendar or a related custom table):

• Type: Record ACL
• Operation: write
• Table: cab_workbench_calendar (or the actual table used)
• Condition: gs.hasRole('sn_change')
• Script (if needed):
• answer = gs.getUser().isMemberOf('sn_change');

This ensures only sn_change group members can modify calendar entries.

Step 2: Make Calendar UI Read-Only for Others

If the calendar is rendered via a UI Page, Widget, or Form, apply one of the following:

Option A: UI Policy (for Forms)

• Set all editable fields to read-only when the user is not in sn_change.

Option B: Client Script (for Widgets or Custom UI)

if (!gs.getUser().isMemberOf('sn_change')) {

  // Disable calendar interaction

  g_form.setReadOnly('calendar_field', true); // if it's a form field

  // Or use DOM manipulation if it's a widget

}

Step 3: Restrict CAB Workbench Access (Optional)

If you want to restrict access to the entire CAB Workbench, not just the calendar:

• Apply a Role requirement on the CAB Workbench module:
• Navigate to Application Navigator > System Definition > Modules
• Find CAB Workbench
• Add sn_change to the Roles field

This hides the module from users outside the group.

Final Check

• Test with a user in and outside the sn_change group.
• Confirm that non-members can view but not edit calendar entries.
• Ensure no unintended access is granted via other roles like admin.

If my response helped please mark it correct and close the thread so that it benefits future readers.

Thanks,

Anupam.