User criteria migration

Service catalog user criteria records provide access control for service catalog items and categories.

You can migrate your access controls to use user criteria. The user criteria feature is automatically enabled for new instances. If you upgrade your instance, a script runs to determine current access control usage.
  • If your instance does not use entitlement-based access controls, the user criteria feature is automatically enabled.
  • If your instance does use entitlements, the user criteria feature is not enabled. If you want to use user criteria, use the procedure described on this page to migrate your access controls from entitlements to user criteria.

Migrate to user criteria to provide more reuse, control, and flexibility compared to entitlements.

For example, you can use a single criteria record to make multiple catalog items available only to users who meet all of these requirements:

  • Are located in EMEA or APAC
  • Belong to ACER
  • Are in the Training department

Migrate to service catalog user criteria

Service Catalog enables you to maintain the required access controls to your service catalog while migrating from entitlements to user criteria.

Procedure

  1. Navigate to Service Catalog > Catalog Policy > Properties and verify that the user criteria feature is not already enabled on your system.
    • If the property Use "User Criteria" to define access to catalog items and categories (glide.sc.use_user_criteria) is set to true, you can skip the following steps. The user criteria feature was automatically enabled because entitlements were not used in your old system.
    • If this property is set to false, continue with the following steps. The user criteria feature has not been enabled yet on your system.

  2. To preview the user criteria feature, set the service catalog property Enable both "User Criteria" and "Entitlement" related lists for catalog items and categories when migrating from entitlements (glide.sc.user_criteria_migration) to true. This option lets you compare user criteria records and entitlements before you fully switch to user criteria.
  3. Inspect your service catalog items and categories to identify access control sets that you can configure user criteria records for. Review your current entitlements and record your current design for access controls. Focus on identifying patterns where multiple items have the same combination of location, group, and so on. Each combination is a possible access control set.
  4. Create a user criteria record for each access control set that you identified from your inspection of the service catalog.
  5. Apply these user criteria records to the items and categories identified, replacing the equivalent entitlements.
  6. Enable user criteria on your system by setting the service catalog property Use "User Criteria" to define access to catalog items and categories (glide.sc.use_user_criteria) to true. When this property is set to true, any remaining entitlements are no longer used.
    Note: Unlike entitlement scripts, scripts in user criteria cannot reference the category or catalog item as current. For scripts in user criteria, use the user_id available for the user currently being evaluated against the category or catalog item.
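Steps 3 to 5 can be planned offline before any property is changed. The following is an added example, not ServiceNow code: it groups a constructed entitlement inventory into candidate access control sets. The key names (locations, companies, departments, hasScript) and item names are assumptions for illustration, not ServiceNow column names.

```javascript
// Constructed inventory recorded during step 3 (illustrative keys and values).
const inventory = [
  { item: "Training Laptop", locations: ["EMEA", "APAC"], companies: ["ACER"], departments: ["Training"] },
  { item: "Projector Loan", locations: ["apac", "EMEA"], companies: ["ACER"], departments: ["Training"] },
  { item: "Course Voucher", locations: ["APAC", "EMEA", "EMEA"], companies: ["ACER"], departments: ["Training "] },
  { item: "VPN Token", locations: [], companies: [], departments: ["IT"] },
  { item: "Office Chair", locations: [], companies: [], departments: [] },
  { item: "Lab Access", locations: ["EMEA"], companies: [], departments: [], hasScript: true },
];
const DIMENSIONS = ["locations", "companies", "departments"];

// Trim, upper-case (for comparison only), de-duplicate and sort a list so
// that ordering or casing differences do not split one access set in two.
function normalize(values) {
  const cleaned = (values || []).map(v => v.trim().toUpperCase()).filter(Boolean);
  return [...new Set(cleaned)].sort();
}

// Group items by their exact combination of entitlement values.
function planUserCriteria(entries) {
  const sets = new Map();
  const unrestricted = [];  // no entitlements recorded: no criteria record planned
  const manualReview = [];  // entitlement scripts: rewrite by hand around user_id
  for (const entry of entries) {
    if (entry.hasScript) { manualReview.push(entry.item); continue; }
    const criteria = {};
    DIMENSIONS.forEach(d => { criteria[d] = normalize(entry[d]); });
    if (DIMENSIONS.every(d => criteria[d].length === 0)) {
      unrestricted.push(entry.item);
      continue;
    }
    const key = JSON.stringify(criteria);
    if (!sets.has(key)) sets.set(key, { criteria, items: [] });
    sets.get(key).items.push(entry.item);
  }
  // Sets shared by the most items come first: they give the most reuse.
  const criteriaRecords = [...sets.values()].sort((a, b) => b.items.length - a.items.length);
  return { criteriaRecords, unrestricted, manualReview };
}

const plan = planUserCriteria(inventory);
for (const { criteria, items } of plan.criteriaRecords) {
  console.log(JSON.stringify(criteria), "->", items.join(", "));
}
console.log("Manual review (scripted):", plan.manualReview.join(", "));
```

Each entry in criteriaRecords corresponds to one user criteria record to create in step 4 and apply in step 5. Items listed under manualReview need their scripts rewritten before glide.sc.use_user_criteria is set to true, because remaining entitlements stop being used at that point.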

Data structure differences

There are significant data structure differences between entitlements and user criteria, which you must be aware of while migrating.

With entitlements, the following tables are loaded into memory and evaluated before rendering.

For catalog items:

Figure 1. Entitlements Data Structure - Catalog Items

For categories:

Figure 2. Entitlements Data Structure - Categories

The user criteria architecture collects all user attributes in the User Criteria [user_criteria] table.

User criteria records can link to items and categories, as follows.

For catalog items:
  • Catalog Item Available for [sc_cat_item_user_criteria_mtom]
  • Catalog Item Not Available for [sc_cat_item_user_criteria_no_mtom]

Figure 3. User Criteria Data Structure - Catalog Items

For categories:
  • Category Available for [sc_category_user_criteria_mtom]
  • Category Not Available for [sc_category_user_criteria_no_mtom]

Figure 4. User Criteria Data Structure - Categories