Employee Roles for ESC Portal

LiamO
Tera Contributor

3 weeks ago

Hello! 

 

We are in the process of cleaning up our users and it has been noticed that the previous team responsible for Snow were manually adding the cmdb_read role to each employee so they could see reference fields while logging tickets.

 

We've been trying to find the best practices for end user employees who will only use the ESC Portal to log tickets and requests. 

 

We are looking at creating a group that has the cmdb_read role and then adding in all our current employees but if there is a better way any assistance/guidance would be greatly appreciated! 

 

Liam

 

0 Helpfuls
  • 761 Views
6 REPLIES 6

Ajay_Chavan
Kilo Sage

3 weeks ago - last edited 3 weeks ago

Screenshot 2025-09-08 at 02.53.44.png

 

If you enable this ACL on the cmdb_ci table, you no longer need to add the cmdb_read role. All authenticated users will be able to view it. 

 

If you don’t want to enable it, As per best practice - simply create a separate group named “CMDB Read Group.” Assign the “cmdb_read” role to this group and add the users you want to grant access to.

 

Glad I could help! If this solved your issue, please mark it as Helpful and Accept as Solution so others can benefit too.*****Chavan A.P. | Technical Architect | Certified Professional*****
0 Helpfuls

Ajay_Chavan
Kilo Sage
In response to Ajay_Chavan

3 weeks ago

@LiamO - did you get a chance to check?

Glad I could help! If this solved your issue, please mark it as Helpful and Accept as Solution so others can benefit too.*****Chavan A.P. | Technical Architect | Certified Professional*****
0 Helpfuls

Bhuvan
Kilo Patron

3 weeks ago

@LiamO 

 

You have 2 options.

 

1. If you want to give blanket permission to a role, do it in ACL. cmdb_read role and service_viewer role has CMDB read permissions by default and there is an inactive ACL that can allow authenticated OR roleless users access to cmdb read permissions. Recommend you to not follow this as it is not best practices from security standpoint

 

Bhuvan_0-1757296989091.png

Bhuvan_1-1757297041085.png

 

2. Create a group and add users that needs access to this group and add cmdb_read role to the group

 

As per community guidelines, you can accept more than one answer as accepted solution. If my response helped to answer your query, please mark it helpful & accept the solution.

 

Thanks,

Bhuvan

0 Helpfuls

Bhuvan
Kilo Patron
In response to Bhuvan

3 weeks ago

@LiamO 

 

Did you get a chance to review this ?

 

If my response helped to answer your query, please mark it helpful & accept the solution.

 

Thanks,

Bhuvan

0 Helpfuls