Notifications

165 views

Overview

Some delegated developers expect to be able to access update sets, once they are given permission to access Scoped Applications. When a user tries to access update set in scoped application, they do not have access to read/write/create update sets, or they are unable to select a specific update set.

Define roles to use Update Set Picker

1. Log in as 'admin'

2. If you have not done so already, grant the 'delegated_developer' user role read access to the Update Set table [sys_update_set]
a) Navigate to System Security > Access Control (ACL)
b) Filter by Name contains sys_update_set
c) Open ACL for read, write, and create
d) Update section 'Requires role' to include: delegated_developer

3. Navigate to System Properties table > add the system property: glide.ui.update_set_picker.role

4. Set the value of glide.ui.update_set_picker.role to the role for which you want to give access,
example: admin,delegated_developer

Result:
Enable users with 'delegated_developer' role to see the update set picker on the Settings panel.

Example

Steps to reproduce this behavior:
1. Grant a user the role: delegated_developer
- Follow this documentation to provide access permissions to Delegated Developer,
https://docs.servicenow.com/bundle/london-application-development/page/build/applications/task/t_AddADeveloper.html#developer-permissions

Now, the user has access of that scoped application. It is a common request to give the user access to update sets as well.

2. Add the 'delegated_developer' role to ACLs for update set Read, Write, and Create access

3. Select an update set

Result:
Delegated developer is unable to select update set.

Note:
Additional security checks are in place to restrict access to users with the 'delegated_developer' role that prevents them from being able to create update sets. This has been introduced due to the fact that 'delegated_developer' role can be granted to users who are non-admins who are not developers. Deployment is often handled by another role/group.

Additional Information

Please find the documentation about deployment specific roles,
https://docs.servicenow.com/bundle/madrid-application-development/page/build/applications/task/t_AddADeveloper.html#d94111e395

This is mentioned in the Security Section of the Release notes,
https://docs.servicenow.com/bundle/london-release-notes/page/release-notes/servicenow-platform/platform-security-rn.html

Documentation to ensure the update set picker is available,
https://docs.servicenow.com/bundle/london-application-development/page/build/system-update-sets/task/t_GrantAccessToTheUpdateSetPicker.html

In the event that the update set picker shows "undefined" rather than showing list of active update sets, please refer to KB0744288 - User with delegated_developer role is unable to select update sets,
https://hi.service-now.com/kb_view.do?sys_kb_id=0105c05ddbd03344fff8a345ca961928 

Article Information

Last Updated:2019-05-21 11:54:27
Published:2019-03-18