Issue
In a default out of box instance, the Calendar history view of a record is viewable by any user who is a member of the itil role. In addition, this data is also implicitly viewable to a user with admin rights on the instance who would normally all have access to the List history view for the record.
This accessibility can be modified to further restrict or expand this access level to other roles (and thus users) as well. This article will describe the steps an admin level user could perform in order to modify this access level.
Resolution
To change this list of roles who can view this history, the following steps should be performed on the instance:
1. First, the instance should be logged into with an account having admin rights to the instance.
2. Once logged into the instance with the appropriate access level, the System Navigator should be used to navigate to location: System Properties -> System.
3. The System Properties properties page will appear. The system property on the page should be located with the header "List of roles (comma-separated) that can access the history of a record."
In a new out-of-box system, this property will be repopulated with the string itil, corresponding to the itil role on the system.
This field can then be populated with a comma-delimited list of role names that should be allowable to review the activity history list which is displayed within certain record types.
4. After adding the appropriate role name in the field, one of the two Save buttons on the form should be clicked to record the changes. One such Save button is on the upper right corner of the properties page form and another at the bottom of the page form.
Note that this will then allow members of the assigned roles to view the History Calendar view of the record by default.
5. In order to view the History -> List option, an Access Control (ACL) record associated to that menu option must be created on the instance, however, admin accounts have access to this History List by default. Thus, a new ACL record should be created for the sys_history_set table with the view Operation rights and with the roles who should have access populated in the Requires role list.
Once this ACL is in place, anyone in the selected roles should then be able to access both the Calendar History view and the History List for the selected record.
*Note that if a particular table is not configured to enable auditing, the History List option will not be found in the menu regardless of the user's permissions.
Related Links
This setting can also be modified by directly editing the underlying property, glide.history.role. This can be accessed from the system_properties record list and searching for the property with the name glide.history.role and setting the Value field of the property to a comma-delimited list of roles who should have access to view the history of a record.
The following ServiceNow Docs site article describes some general information regarding the record History List and the requirements to view it:
To enable auditing on a specific ServiceNow table, see the following Knowledge Base article:
KB0723730 - How to activate/deactivate auditing for a specific table or field
