Hi Community,

I’ve been working on a scenario where certain business managers (non-ITIL users) need to view incidents in ServiceNow. These users:

• Do not require ITIL access.
• Should only have read access (form details and work notes).
• In limited cases, they may also need to update the incident state.
• They are not directly part of incident handling, but act as store managers who oversee incidents created for their location.

What I’ve already tried:

• Looked at sn_read_only role → not sufficient for incident visibility.
• Checked for SNC-internal role → not available in my instance.
• Explored creating a custom role with READ ACLs → not ideal as it doesn’t give state change flexibility.
• Considered cloning/modifying ITIL ACLs → not preferred since I want to avoid altering the standard ACLs tied to ITIL.

Question:
What’s the best recommended approach to give these non-ITIL managers:

1. Read-only access to specific types of incidents (by group, location, or other condition).
2. Optional ability to change the state field, without granting full ITIL access.

Has anyone implemented this scenario before? If so, what role/ACL strategy worked best for you?

I appreciate any suggestions or best practices.