Employee Roles for ESC Portal
yesterday
Hello!
We are in the process of cleaning up our users and it has been noticed that the previous team responsible for Snow were manually adding the cmdb_read role to each employee so they could see reference fields while logging tickets.
We've been trying to find the best practices for end user employees who will only use the ESC Portal to log tickets and requests.
We are looking at creating a group that has the cmdb_read role and then adding in all our current employees but if there is a better way any assistance/guidance would be greatly appreciated!
Liam
yesterday - last edited yesterday
If you enable this ACL on the cmdb_ci table, you no longer need to add the cmdb_read role. All authenticated users will be able to view it.
If you don’t want to enable it, then as per best practice, simply create a separate group named “CMDB Read Group.” Assign the “cmdb_read” role to this group and add the users you want to grant access to.
yesterday
@LiamO - did you get a chance to check?
yesterday
You have 2 options.
1. If you want to give blanket permission to a role, do it in an ACL. The cmdb_read role and the service_viewer role have CMDB read permissions by default, and there is an inactive ACL that can allow authenticated OR roleless users access to CMDB read permissions. I recommend you not follow this, as it is not best practice from a security standpoint.
2. Create a group, add the users that need access to this group, and add the cmdb_read role to the group.
As per community guidelines, you can accept more than one answer as accepted solution. If my response helped to answer your query, please mark it helpful & accept the solution.
Thanks,
Bhuvan
yesterday
Hi @LiamO ,
As per ServiceNow best practice, we should try to achieve everything with configuration, not by coding, so creating a group for users with the required role is a better way than doing it with any ACL or scripting. Creating a group, adding only relevant members to that group and providing the relevant role to that group is the simple and correct way.
Regards,
Nikhil Bajaj
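The cleanup discussed in this thread (moving from per-user cmdb_read grants to one group) can be planned offline before changing anything. The following is an added example, not part of the thread or of ServiceNow's own tooling: it assumes rows exported from the sys_user_has_role and sys_user_grmember tables with the inherited flag as text, and the user names and rows are constructed sample data.

```python
# Added example (not from the thread): plan the move from per-user cmdb_read
# grants to a single group. All rows are constructed sample data shaped like
# exports of sys_user_has_role and sys_user_grmember.
ROLE = "cmdb_read"
GROUP = "CMDB Read Group"  # group name suggested in the replies above

# Assumption: the export gives user, role and the "inherited" flag as text.
USER_HAS_ROLE = [
    {"user": "alice", "role": "cmdb_read", "inherited": "false"},
    {"user": "bob",   "role": "cmdb_read", "inherited": "false"},
    {"user": "bob",   "role": "cmdb_read", "inherited": "true"},
    {"user": "carol", "role": "itil",      "inherited": "false"},
    {"user": "dave",  "role": "cmdb_read", "inherited": "true"},
    {"user": "erin",  "role": "cmdb_read", "inherited": "true"},
]
GROUP_MEMBERS = [
    {"user": "bob",  "group": "CMDB Read Group"},
    {"user": "dave", "group": "CMDB Read Group"},
]


def plan_cleanup(role_rows, member_rows, role=ROLE, group=GROUP):
    """Return the changes needed so the role is held only through the group."""
    direct, inherited = set(), set()
    for row in role_rows:
        if row["role"] != role:
            continue
        # inherited == false means the role was added to the user record itself
        is_inherited = row["inherited"].strip().lower() == "true"
        (inherited if is_inherited else direct).add(row["user"])
    in_group = {m["user"] for m in member_rows if m["group"] == group}
    return {
        # Step 1: add these users to the group so nobody loses access.
        "add_to_group": sorted(direct - in_group),
        # Step 2: then delete the manual grant from each of these users.
        "remove_direct_grant": sorted(direct),
        # Review: role arrives through some other group or containing role.
        "inherited_elsewhere": sorted(inherited - in_group),
    }


if __name__ == "__main__":
    for action, users in plan_cleanup(USER_HAS_ROLE, GROUP_MEMBERS).items():
        print(f"{action}: {', '.join(users) or '-'}")
```

Users listed under inherited_elsewhere already receive the role through some path other than the new group, which is worth reviewing before deciding who belongs in it.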