Provide Read Only access to Workflow Editor

Matt Cordero1
Tera Guru

Hello,

I have a request to be able to provide read only access to the Workflow Editor.

 

I have created a "workflow_viewer" role and added ACLs to the wf_workflow and wf_workflow_activity tables, but the user is not able to get into the Workflow Editor itself. The new role has access to the module, but when going to the Workflow Editor, the user gets this error:

You do not have the appropriate privileges to view the Workflow Editor.

To use the Workflow Editor, please contact your system administrator.

I want the user to be able to visually see Workflows in the Workflow Editor, but not see the "New Workflow" button.

1 ACCEPTED SOLUTION

Hello all,

So, the solution was to create a "workflow_viewer" role. I have to assign the "workflow_publisher" role ONLY to allow access to the Workflow Editor. A ServiceNow group will be assigned both roles and users who want View Only access to the Workflow Editor will be added to the group.

I have also added an ACL to the wf_workflow_activity table. This allows users to see the Workflow Activity, explore nodes along the workflow and see any code/logic inside.

On the "workflow_editor_welcome" UI page, the "New Workflow" button is hidden when the user has both "workflow_publisher" AND "workflow_viewer" roles.
Otherwise, the "New Workflow" button is shown, as intended.

JELLY CODE:

<g:evaluate var="jvar_value" jelly="true">
  // Decide server-side whether the "New Workflow" button is rendered.
  var show = 'false';

  // workflow_publisher alone shows the button; adding workflow_viewer hides it.
  if (gs.hasRole('workflow_publisher')) {
    if (gs.hasRole('workflow_viewer')) {
      show = 'false';
    } else {
      show = 'true';
    }
  }

  // The roles below always get the button, with or without workflow_viewer.
  if (gs.hasRole('admin')) {
    show = 'true';
  }

  if (gs.hasRole('workflow_admin')) {
    show = 'true';
  }

  if (gs.hasRole('workflow_creator')) {
    show = 'true';
  }

  if (gs.hasRole('activity_creator')) {
    show = 'true';
  }

  // The last expression becomes the value of jvar_value.
  show;
</g:evaluate>
<j:if test="${jvar_value == 'true'}">
  <a id="new-workflow-btn" role="button" class="btn btn-primary new-btn" onClick="top.workflowIDE.newWorkflow()" tabindex="0">${gs.getMessage("New Workflow")}</a>
</j:if>

 

Users with BOTH roles are thus able to navigate to the Workflow Editor and browse workflows, but unable to checkout/edit AND create new workflows.

Thus, read-only access to the Workflow Editor done!
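Added example (not part of the original post): the button decision from the Jelly block above, written as a plain JavaScript function so it can be checked against every combination of the six roles it tests. The names `buttonVisible`, `makeHasRole` and `viewerSetsWithButton` are hypothetical; `makeHasRole` stands in for `gs.hasRole`, which also returns true for any role when the user is an admin.

```javascript
// Roles the Jelly block checks, in no particular order.
const ROLES = ['admin', 'workflow_admin', 'workflow_creator',
               'activity_creator', 'workflow_publisher', 'workflow_viewer'];

// Same decision as the Jelly block. hasRole is injected; on an instance it
// would be (r) => gs.hasRole(r).
function buttonVisible(hasRole) {
  let show = hasRole('workflow_publisher') && !hasRole('workflow_viewer');
  for (const r of ['admin', 'workflow_admin', 'workflow_creator', 'activity_creator']) {
    if (hasRole(r)) show = true; // these roles override the viewer check
  }
  return show;
}

// Stand-in for gs.hasRole: true for an assigned role, and for any role if admin.
function makeHasRole(assigned) {
  const set = new Set(assigned);
  return (role) => set.has('admin') || set.has(role);
}

// Every role set that contains workflow_viewer but still renders the button.
function viewerSetsWithButton() {
  const hits = [];
  for (let mask = 0; mask < (1 << ROLES.length); mask++) {
    const assigned = ROLES.filter((_, i) => mask & (1 << i));
    if (assigned.includes('workflow_viewer') && buttonVisible(makeHasRole(assigned))) {
      hits.push(assigned);
    }
  }
  return hits;
}

const hits = viewerSetsWithButton();
console.log(`${hits.length} of 32 role sets containing workflow_viewer still show the button`);
// Print only the two-role sets: the smallest grants that undo the hiding.
for (const h of hits.filter((s) => s.length === 2)) console.log('  ' + h.join(' + '));
```

The two-role sets printed are the ones to look for when reviewing the membership of the view-only group: any of those four roles arriving through another group brings the button back.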

 


13 REPLIES

Matt Cordero1
Tera Guru

The purpose is for that team to view/review all of our ServiceNow workflows to determine which ones should be updated to go to that team/assignment group instead of going to the Service Desk. Hopefully to reduce delay and increase efficiency.

I want them to be able to VIEW the existing workflows, but not edit OR create new workflows (if possible). At this point, I am able to restrict editing (checking out), but can't provide access to the Workflow Editor itself without giving the option to create (New Workflow button).

Matt Cordero1
Tera Guru

I need to determine why this message is showing for the Workflow Editor:

You do not have the appropriate privileges to view the Workflow Editor.

To use the Workflow Editor, please contact your system administrator.

Once I can grant the new role access to the Workflow Editor, then everything should be fine.

Any ideas/suggestions?

@Matt Cordero1 

Please raise a HI ticket and share the updates with us.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader


@Matt Cordero1 

Glad to know.

Remember you have updated an OOB UI page. So whenever an upgrade happens, you need to analyse the skip logs.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader