PPM user and roles

Go to solution
Steven Chaparro
ServiceNow Employee
ServiceNow Employee

‎03-24-2020 06:26 AM

Hello Everyone,

I have implemented Project Portfolio Management with Financials in our instance. I have configured the Categories for an Idea Module, define the stake holders, and created a set of groups to assign the roles thats going to be used by the PPM. 
These are the groups I created for each role:

Resource users group - contains resource_user role
Resource Managers group - contains resource_manager role
Demand Users group - contains it_demand_user role
Demand Managers group - contains it_demand_manager role
Idea Managers group - contains idea_manager role

I didnt created a group for Portfolio Managers and Program Managers because those roles are getting assigned when you select a portfolio manager when creating a new portfolio, or when you select a program manager when creating a new program.

I have one person, that works as a Project Manager, and that person wants me to grant all the roles for PPM, like a One-Man band. I dont know if there is any security in place that could affect what that user can see or cannot see if I grant all the roles. I want to know what would be the best practice and approach for this type of request, someone wanting to be available to do everything under the PPM. If there is something I may be missing just let me know.

0 Helpfuls
  • 7,896 Views
1 ACCEPTED SOLUTION

Go to solution
Miguel Donayre
ServiceNow Employee
ServiceNow Employee

‎03-24-2020 08:49 AM

You can directly assign those roles to a user/ group without having to create any portfolio. I just did it on my box and I still have access to modules without that user being assigned to a portfolio or program. You don't have to create any new programs or portfolios to give that person the roles. There should not be any security issues assign the roles. Just keep in mind the information and data that will be exposed to that user. 

Why don't you create a new group and handpick the roles you want to give that person. Run through a couple of tests with a test user in that group and see if you are comfortable with that access.  You can always switch out admin/ manager roles with their counterpart "user" roles to balance out permissions.  The OOTB Project manager has a lot of those modules "user" roles for example. Keep it OOTB as much as possible. 

That's how I would approach that. 

View solution in original post

5 REPLIES 5

Go to solution
Miguel Donayre
ServiceNow Employee
ServiceNow Employee

‎03-24-2020 08:49 AM

You can directly assign those roles to a user/ group without having to create any portfolio. I just did it on my box and I still have access to modules without that user being assigned to a portfolio or program. You don't have to create any new programs or portfolios to give that person the roles. There should not be any security issues assign the roles. Just keep in mind the information and data that will be exposed to that user. 

Why don't you create a new group and handpick the roles you want to give that person. Run through a couple of tests with a test user in that group and see if you are comfortable with that access.  You can always switch out admin/ manager roles with their counterpart "user" roles to balance out permissions.  The OOTB Project manager has a lot of those modules "user" roles for example. Keep it OOTB as much as possible. 

That's how I would approach that.