PPM user and roles

Steven Chaparro · ‎03-24-2020

Hello Everyone,

I have implemented Project Portfolio Management with Financials in our instance. I have configured the Categories for an Idea Module, define the stake holders, and created a set of groups to assign the roles thats going to be used by the PPM.
These are the groups I created for each role:

Resource users group - contains resource_user role
Resource Managers group - contains resource_manager role
Demand Users group - contains it_demand_user role
Demand Managers group - contains it_demand_manager role
Idea Managers group - contains idea_manager role

I didnt created a group for Portfolio Managers and Program Managers because those roles are getting assigned when you select a portfolio manager when creating a new portfolio, or when you select a program manager when creating a new program.

I have one person, that works as a Project Manager, and that person wants me to grant all the roles for PPM, like a One-Man band. I dont know if there is any security in place that could affect what that user can see or cannot see if I grant all the roles. I want to know what would be the best practice and approach for this type of request, someone wanting to be available to do everything under the PPM. If there is something I may be missing just let me know.

Miguel Donayre · ‎03-24-2020

You can directly assign those roles to a user/ group without having to create any portfolio. I just did it on my box and I still have access to modules without that user being assigned to a portfolio or program. You don't have to create any new programs or portfolios to give that person the roles. There should not be any security issues assign the roles. Just keep in mind the information and data that will be exposed to that user.

Why don't you create a new group and handpick the roles you want to give that person. Run through a couple of tests with a test user in that group and see if you are comfortable with that access. You can always switch out admin/ manager roles with their counterpart "user" roles to balance out permissions. The OOTB Project manager has a lot of those modules "user" roles for example. Keep it OOTB as much as possible.

That's how I would approach that.

View solution in original post

Allen Andreas · ‎03-24-2020

Hi,

This link has access to all the role that a certain role is "nested" with:

https://docs.servicenow.com/bundle/kingston-it-business-management/page/product/project-portfolio-su...

It is common that someone from PPM (most likely another sys admin from that side of things), would be given this access.

I'm unsure of the layout of your org, but I would get clearance before just randomly handing it out, but if they are versed enough in PPM within SN, then that seems like the logical next step.

Again, there's usually a separate Sys Admin that has more of the keys in that space, if the org has the manpower for that.

Please mark reply as Helpful/Correct, if applicable. Thanks!

Please consider marking my reply as Helpful and/or Accept Solution, if applicable. Thanks!

Miguel Donayre · ‎03-24-2020

Hello @Steven Chaparro

you can try the giving that person the PPS admin [it_pps_admin]. It's a low-level admin role for just PPM. you can also give them the Project manager [it_project_manager]. I guess you need to figure out what that person is trying to do and see what role fits that person's needs. As far as security the PPS admin will have visibility to everything in PPM.

here is the link for all roles for the New York release -

https://docs.servicenow.com/bundle/newyork-it-business-management/page/product/project-portfolio-sui...

Al Amodeo LTE · ‎12-24-2020

@Miguel Donayre This link is awesome. Thanks.

Steven Chaparro · ‎03-24-2020

Thank you both for your reply! I forgot to mention that we wanted to avoid for now giving the PPS admin role, just because this will allow the user to assign PPM roles to someone else. I have done a little research on the documentation page and I have seen that the Portfolio Manager role is the one that has the most roles nested that could satisfy my request, but this role is assigned after the Portfolio is created and a manager is selected if I'm not mistaken. Assuming I create a portfolio and select the user as the porfolio manager, and then a program can be created and the same user is selected as the program manager, that will leave the idea management, resource management, test management, Agile development, and time card management roles unassigned. Will it be safe and there will be no security issue assigning those roles to the user in addition to the ones inherited as portfolio and program manager?