Best Practice for AWA Manager Visibility
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
4 hours ago
Hi everyone, hope you’re doing well!
I’m reaching out to get advise to try to avoid unnecessary customization if there’s an OOTB‑aligned alternative.
The requirement is to allow the awa_manager role to view their AWA Queue and Assignment Rules from the left navigation.
The developer implemented the following:
- Created a new module “AWA Queue Viewer”, visible to the awa_manager role
- Updated ACLs to allow read‑only access to the awa_queue table
- Updated ACLs to hide the New button for AWA Managers under Work Items > All
Our Concern
Out of the box, the Queues and Assignment Rules modules appear to be accessible only to the awa_admin role. Granting that role to managers would give them edit rights to all queues and rules, which we want to avoid.
I understand why the developer created new ACLs and a new module to solve this. However, after reviewing this we’re concerned that:
- Creating new modules + custom ACLs introduces customization for functionality that feels like it should be achievable OOTB
What We’re Hoping to Validate
Is there an OOTB‑aligned way to:
- Grant awa_manager view‑only access to their AWA queue and assignment rules ONLY
- Without creating new modules
- And without additional ACL customization beyond what is expected for configuring AWA?
If there’s a better pattern or best‑practice approach, we’d appreciate your guidance.
Thanks in advance for your insights!
- Labels:
-
Incident Management
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10m ago
Hi @Gemma4 ,
Short Answer: No, there is no OOTB-aligned way to grant awa_manager read-only access to backend configuration tables (awa_queue, awa_assignment_rule) without the specific ACL customization your developer implemented.
The "Why" (Operations vs. Configuration): Out-of-the-box, ServiceNow draws a strict line:
awa_admin: Configures how work is routed (Queues, Rules, Timeouts).
awa_manager: Monitors how well the routing is performing (Wait times, Agent availability).
Because "Queues" and "Assignment Rules" are configuration records that dictate system logic, they are protected by the admin role. ServiceNow does not provide a "Read-Only Configuration" role specifically for AWA managers.
Validating Your Developer's Approach
If the requirement is strictly "Managers must see the logic of the Assignment Rules" (e.g., to verify if an overflow rule is set up correctly), then your developer followed the correct security best practice.
It is safer: They created a new specific ACL (awa_queue read for awa_manager) rather than modifying the OOTB awa_admin ACL. This is safer for upgrades.
It is necessary: Since the OOTB role awa_manager does not include read access to these tables, adding a specific ACL is the only way to bridge that gap without granting full Admin rights.
The OOTB Alternative (Performance Only)
If the managers just need to see "What is happening" (and not "How it is configured"), they should rely on the AWA Operations Dashboard rather than list views.
Summary: Your developer's solution is not "unnecessary" customization; it is a necessary configuration to meet a security requirement that OOTB roles do not cover.
If this explanation validates your path forward, please mark it as Accepted Solution (or Proposed Solution).
Best regards,
Brandão.
