The Read-Only role and how to use it


Description

The Now Platform includes the capability to easily configure a specific user or group to access certain tables, but only in a read-only format.  This is done through the special snc_read_only role.

The Purpose of the Read-Only Role

Adding this role to a user or group on the instance will cause all users with this role to immediately have read-only access to any tables they could previously modify or otherwise manipulate.

The snc_read_only role provides no additional permissions to the individual or group to whom it is assigned (read or otherwise). This role is normally used together with one or more other roles. This role will simply prevent the user from inserting, modifying, or deleting records in tables that the user currently has access to by virtue of other roles or permissions on the instance.

Example

As an example, suppose we have a user who is a member of the standard itil role. Normally, this user can access and edit a number of different record types in the instance (such as Incident).

Write permissions

However, if the snc_read_only role were added to this user (retaining all the other roles already associated with the user), his view of the same Incident ticket would appear as the following, in which the user could no longer edit the Incident.

Adding or removing the read-only role to an existing user

If the role is to be added to a user, the following steps can be used.

  1. Log in to the instance with an admin or user_admin account
  2. Navigate to User Administration > Users
  3. Filter the user list to locate the User for which the role is to be added or removed.
  4. Click the Information icon to the left of the row corresponding to this user to open that user account record.
  5. Scroll to the Roles related list for this user record and click the Edit button
    • A slush-bucket control will appear. Locate the role with the name snc_read_only in the list on the left.

  6. Double-click the role or use the arrows in the middle to move it to the list on the right.
  7. Click the Save button on the Edit Members dialog box.

That user, on the next login, will then have read-only access to any records they can access.

The same procedure can be used to remove the role from a user. In that case, however, the snc_read_only role would be found in the list to the right and double-clicked to remove it from that list.

On the user's next login, they will then have the capability to edit any applicable objects that are provided by other roles.

Additional Information

This role can sometimes be the cause of other issues. A user may report that, while previously they had permissions or rights to edit certain record types, suddenly they no longer can, with the button and menu options no longer appearing and the fields appearing in a read-only format.

One of the first things to check is to ensure that the snc_read_only role has not somehow inadvertently been assigned to that user.  If so, and the user should indeed have the rights to edit records, removing the role from the user's profile and having the user log out and back into the instance will correct the issue.