
Symptoms


When a user is granted the snc_read_only role, they can create/write/delete items based on the tables set up in the following three system properties:

glide.security.snc_read_only_role.tables.exempt_create

glide.security.snc_read_only_role.tables.exempt_write

glide.security.snc_read_only_role.tables.exempt_delete

Hence the user added the sc_request and sc_req_item tables to the above properties, but was still unable to add/edit/delete items in the cart or create a Request / Requested Item.

Release


Istanbul 

Cause


Adding, deleting, and editing cart items, and creating a request and requested item, involve the following tables in addition to sc_request and sc_req_item:

sc_cart, sc_cart_item, sc_item_option_mtom 

Resolution


Adding these additional tables (sc_cart, sc_cart_item, sc_item_option_mtom) along with sc_request and sc_req_item allowed the user with the snc_read_only role to add/edit/delete items in the cart and create a Request / Requested Item.

The updated properties look as follows:

glide.security.snc_read_only_role.tables.exempt_create = sys_user_session, sysevent, syslog, syslog_transaction, sys_user_preference, sys_ui_list, sys_ui_list_element, sys_db_cache, user_multifactor_auth, sc_cart, sc_req_item, sc_request, sc_cart_item, sc_item_option_mtom
glide.security.snc_read_only_role.tables.exempt_write = sys_user_session, sysevent, syslog, syslog_transaction, sys_user_preference, sys_ui_list, sys_ui_list_element, sys_db_cache, user_multifactor_auth, sc_cart, sc_req_item, sc_request, sc_cart_item, sc_item_option_mtom
glide.security.snc_read_only_role.tables.exempt_delete = sys_user_session, sysevent, syslog, syslog_transaction, sys_user_preference, sys_ui_list, sys_ui_list_element, sys_db_cache, user_multifactor_auth, sc_cart_item, sc_item_option_mtom

NOTE: If you would like to test ordering catalog items via ATF, you must also add the sys_atf_test_result_step table to these properties. This is because the test step results will be written while the test runner is impersonating the snc_read_only user, and thus that user must be able to access these tables.
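
The check below is an added example, not ServiceNow code or part of the original article: it compares the three property values against the table lists given above and reports tables that are missing (ordering stays blocked) and tables that are exempted but not listed here (write access for a read-only role that should be reviewed). It assumes the property values have already been read out of the instance and passed in as a map; the function names, the `withAtf` flag and the sample values are constructed for illustration.

```javascript
// Added example (not ServiceNow code): audit the snc_read_only exemption
// properties against the table lists in this article.
const PREFIX = 'glide.security.snc_read_only_role.tables.exempt_';

// Entries the article lists ahead of the catalog tables in every property.
const BASE = ['sys_user_session', 'sysevent', 'syslog', 'syslog_transaction',
  'sys_user_preference', 'sys_ui_list', 'sys_ui_list_element', 'sys_db_cache',
  'user_multifactor_auth'];

// Catalog tables the article adds, per operation (delete gets only two).
const ORDERING = ['sc_cart', 'sc_req_item', 'sc_request', 'sc_cart_item',
  'sc_item_option_mtom'];
const CATALOG = {
  create: ORDERING,
  write: ORDERING,
  delete: ['sc_cart_item', 'sc_item_option_mtom'],
};

// Split a comma-separated property value into a set of table names.
function parseTables(value) {
  return new Set(String(value || '').split(',').map((s) => s.trim()).filter(Boolean));
}

// props: map of property name -> value. withAtf adds the ATF table from the NOTE.
function auditExemptions(props, withAtf = false) {
  const report = {};
  for (const op of Object.keys(CATALOG)) {
    const actual = parseTables(props[PREFIX + op]);
    const expected = new Set([...BASE, ...CATALOG[op]]);
    if (withAtf) expected.add('sys_atf_test_result_step');
    report[op] = {
      // Listed in the article but absent: cart/request actions stay blocked.
      missing: [...expected].filter((t) => !actual.has(t)),
      // Present but not in the article: extra write access to review.
      unexpected: [...actual].filter((t) => !expected.has(t)).sort(),
    };
  }
  return report;
}

// Constructed sample: create reproduces the Symptoms state, delete has a stray table.
const SAMPLE = {
  [PREFIX + 'create']: [...BASE, 'sc_request', 'sc_req_item'].join(', '),
  [PREFIX + 'write']: [...BASE, ...ORDERING].join(', '),
  [PREFIX + 'delete']: [...BASE, 'sc_cart_item', 'sc_item_option_mtom', 'sys_user'].join(','),
};
console.log(JSON.stringify(auditExemptions(SAMPLE), null, 2));
```

Passing `true` as the second argument treats sys_atf_test_result_step as expected in all three properties, matching the ATF note above.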

Additional Information


https://docs.servicenow.com/bundle/kingston-platform-administration/page/administer/user-administration/concept/c_ReadOnlyRole.html

Article Information

Last Updated: 2018-08-31 10:09:14
Published: 2018-08-31