How to restrict Hardware Asset workspace to specific roles (invntory Manager) or specific users

DamandeepS · 3 weeks ago

Hi Community, I'm attempting to restrict access to the Hardware Asset Workspace (/now/hardwareassetworkspace/home) to only users with the inventory_manager role.

Here's what I've tried:

* Updated the ACL now.hardwareassetworkspace.\* to require only the inventory_manager role.
* Modified the Workspace > Roles list to include only this role.
* Added an advanced condition script to the ACL.

Issue:

The ham_admin role is automatically re-added every time I save. Because the admin and inventory_manager roles inherit ham_admin, users with only the ham_admin role (but not inventory_manager) can still access the workspace.

Pratiksha · 3 weeks ago

The out-of-the-box Hardware Asset Workspace (HAW) is tied to the HAM plug-in roles.
ServiceNow enforces ham_admin as a “core workspace role” — meaning it will be auto-populated in the Workspace > Roles list whenever the app metadata is refreshed.

That’s why your ACL change keeps being overridden. You might need to clone the workspace in order to do customisation. Again it will not update once you do that. (the modified one)

View solution in original post

Ankur Bawiskar · 3 weeks ago

@DamandeepS

this cannot be achieved unless you remove the contains role.

This will be a customization and I won't recommend this.

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader