Enable ITIL users to create projects and edit their own

mitzaka
Mega Guru

‎04-08-2015 11:54 PM

Hi SNC,

I am trying to give some flexibility in my instance and enable ITIL users to create new projects. However, I want them to be able to edit only the project which they have created, not ones created by others.

I tried by placing a couple of ACL rules on pm_project table:

1. create - ITIL users

2. edit - ITIL users + the condition of current.created_by == gs.getUserID();

However, this does not seem to work well, as they are able to create projects, but can modify all projects.

Any ideas of how I could accomplish this?

And also on the side I was thinking that perhaps I would have to force similar restrictions to the pm_project_task as well, because it's the tasks which I need to prevent from editing, right?

0 Helpfuls
  • 1,100 Views
7 REPLIES 7

Pradeep Sharma
ServiceNow Employee
ServiceNow Employee

‎04-09-2015 12:08 AM

Hi Dimitar,



You can turn on the debugger in your instance and check further to understanding which ACL is allowing the access.


http://wiki.servicenow.com/index.php?title=JavaScript_Debugger


0 Helpfuls

Anurag Tripathi
Mega Patron
Mega Patron

‎04-09-2015 12:52 AM

To use project management users need to have project_manager / project_user roles. Only ITIL wont help.


Now find the existing write acl on project and project task table and make appropriate changes there.


-Anurag
0 Helpfuls

david_legrand
Kilo Sage

‎04-09-2015 01:17 AM

Hi Dimitar,



Before modifying the ACLs or anything, maybe you should ask your ServiceNow representative because at my knowledge the project portfolio suite is a separated application with specific pricing.


So if you modify the ACLs without the agreement from your representative, you won't be compliant with ServiceNow licenses.




0 Helpfuls

mitzaka
Mega Guru

‎04-09-2015 05:12 AM

Thanks for the comments guys. I though of all you said, and I switched the approach a bit.


What I am looking to do now is create a custom role, which will include the project_user role, perhaps and the project_manager role. And on top of that I want to set the condition in that role to restrict editing of projects, unless you are the project manager of the project. Do you know how could I do this?


0 Helpfuls