Thank you for your feedback.
Form temporarily unavailable. Please try again or contact docfeedback@servicenow.com to submit your comments.
Versions
  • London
  • Kingston
  • Jakarta
  • Istanbul
  • Helsinki
  • Geneva
  • Store
Close

Restrict access

Restrict access

Service Catalog enables an administrator to grant or deny access to a service catalog item or category by company, department, group, user, or location.

  1. Navigate to Service Catalog > Maintain Items or Service Catalog > Maintain Categories.
  2. Open the relevant catalog item or category.
  3. Configure the form to add the appropriate Available or Not available lists.
    Figure 1. Access Control
    access control
  4. Add the companies, departments, groups, users, or locations to the appropriate list.
  5. Click Update.

Restrict access by role

By default, individual catalog items and categories do not have access restrictions.

About this task

Administrators can grant or deny access to a service catalog item or category based on role.

Procedure

  1. Navigate to Service Catalog > Maintain Items or Service Catalog > Maintain Categories.
  2. Open the relevant catalog item or category.
  3. Add the required roles to the Roles field.
    You can, if needed, Configure the form or change to Default View to see the Roles field.
    Figure 2. Roles Granted
    roles granted

Restrict access by a script

Service Catalog enables you to control access to a service catalog item or category with a custom script.

  1. Navigate to Service Catalog > Maintain Items or Service Catalog > Maintain Categories.
  2. Open the relevant catalog item or category.
  3. Configure the form to add the Entitlement Script field.
    Figure 3. Entitlement Script
    entitlement script
  4. In the Entitlement Script field, enter the access control script.

    Sample Scripts

    The following example script grants access to a catalog item named French Blackberry to users with a language of Fr (French):
    gs.log ( 'Running Entitlement script for French Blackberry' ) ;
     
     if (gs. getUser ( ). getLanguage ( ) == 'fr' ) 
        answer = true ; else 
        answer = false ;
     
    answer ;
    The following example script could be used to distinguish between two categories of users (one with full access and one with restricted access) on the catalog of services:
    var userid  = gs. getUserID ( ) ; var gr  = new GlideRecord ( 'sys_user' ) ; 
    gr. get ( 'sys_id' , userid ) ; 
     
     if (gr. source )
        answer = true ; else
        answer = false ; 
     
    answer ;
    Overriding Entitlement Scripts by Role
    1. Navigate to Service Catalog > Properties.
    2. Enter the roles for which to override the entitlement script (grant access) in the property List of roles (comma-separated) that can override normal entitlement checking inside the catalog. A role of "itil" means that the itil role can order any catalog item, even one protected by entitlement restrictions.