24 views

Symptoms


When an user is granted with snc_read_only role, he can create/write/delete items based on the tables setup in the following three system properties:

glide.security.snc_read_only_role.tables.exempt_create

glide.security.snc_read_only_role.tables.exempt_write

glide.security.snc_read_only_role.tables.exempt_delete

Hence user has added the sc_request, sc_req_item tables to the above properties, but still user was unable to unable to  add/edit/delete items in cart and create Request / Requested Item.

Release


Istanbul 

Cause


Adding/Deleting/Editing cart, Creating request and requested item involves following tables as well apart from  sc_request, sc_req_item, 

sc_cart, sc_cart_item, sc_item_option_mtom 

Resolution


Adding these additional table "sc_cart, sc_cart_item, sc_item_option_mtom" along with sc_request, sc_req_item allowed the user with snc_read_only role to add/edit/delete items in cart and create Request / Requested Item. 

Hence the updated properties would look as below,

glide.security.snc_read_only_role.tables.exempt_create = sys_user_session, sysevent, syslog, syslog_transaction, sys_user_preference, sys_ui_list, sys_ui_list_element, sys_db_cache, user_multifactor_auth, sc_cart, sc_req_item, sc_request, sc_cart_item, sc_item_option_mtom
glide.security.snc_read_only_role.tables.exempt_write = sys_user_session, sysevent, syslog, syslog_transaction, sys_user_preference, sys_ui_list, sys_ui_list_element, sys_db_cache, user_multifactor_auth, sc_cart, sc_req_item, sc_request, sc_cart_item, sc_item_option_mtom
glide.security.snc_read_only_role.tables.exempt_delete = sys_user_session, sysevent, syslog, syslog_transaction, sys_user_preference, sys_ui_list, sys_ui_list_element, sys_db_cache, user_multifactor_auth, sc_cart_item, sc_item_option_mtom

Additional Information


https://docs.servicenow.com/bundle/kingston-platform-administration/page/administer/user-administration/concept/c_ReadOnlyRole.html

Article Information

Last Updated:2018-05-17 01:19:51
Published:2018-05-17