Reputation: 701
ServiceNow: list all legacy user role capabilities
If I am developing on an instance of ServiceNow with many user roles defined and not a lot of documentation on the capabilities provided by the roles.
Is there any way to examine the SNOW instance and determine capabilities that a role provides the end user, even in such cases that a business or UI rule defines logic related to the role?
Could this be done through a backend script reliably?
Upvotes: 0
Views: 620
Answers (3)
Reputation: 16245
This isn't terribly straight forward documentation-wise or programmatically.
Your main option is to query the sys_security_acl_role table for a role and list the related ACL.
Also most ACLs don't have a proper description and the advanced condition would require you to read those as well if there is no role associated to an ACL.
You will need to look at the name and operation of the ACL to grasp what access they grant.
An example that you can run as Background script
var role = 'itil'; // role to check
// query the ACLs with the role related
var gr = GlideRecord('sys_security_acl_role');
gr.addQuery('sys_user_role.name', role);
gr.query();
while (gr.next()) {
// only show active ACLs
if (gr.sys_security_acl.active) {
gs.print(gr.sys_security_acl.name + " (" + gr.sys_security_acl.operation + ") - " + gr.sys_security_acl.description);
}
}
The output depends on your instance, but this is the idea.
new_call (create) - Allow create for records in new_call, for users with role itil.
ngbsm_view (create) - Allow create for records in ngbsm_view, for users with roles (itil, ecmdb_admin).
...etc...
Upvotes: 1
Reputation: 1
Check this one also
function setGroupFilter(){
var user = current.variables.user_name;
//Reset the filter query
current_groupsg_filter.reset();
var answer = 'sys_idINjavascript:getMyGroups()';
current_groupsg_filter.setQuery(answer);
current_groupsacRequest(null);
//if remove reqeust display slushbucket
if (addYN=="remove"){
g_form.setDisplay('current_groups', true);
}
}
Upvotes: 0
Reputation: 1
You can check this code may be use
function getUserGroups(user_sys_id) {
var theUser = gs.getUser();
theUser = theUser.getUserByID(user_sys_id);
return theUser.getMyGroups();
}
Upvotes: 0
Related Questions
- How to list all roles associated with an AWS SSO account
- How to view the permissions/roles associated with a specific service account in k8s?
- How to list Service principal permissions using powershell
- How can I list all of my permissions derived from roles in Azure?
- How to enumerate all enabled roles for all users in PostgreSQL?
- Can I get a list of all resources for which a user has been added to a role?
- Get list of all roles in Netsuite
- ServiceNow - What are the security roles user needs to have to add/delete sys_users via the Rest api?
- Show Service permissions programmatically
- List service and services status under Win-7