Alert Sync Roles
Alert Sync ships with a number of roles that it uses internally. However it does also require access to other sections of ServiceNow should you wish to make use of more complex functionality. In a heavily customized ServiceNow (or using heavily customized Advanced Creation Rules) you may need to add in your own Access Control Entries (ACEs) to your Access Control List (ACL). This article covers all of the roles that ship with Alert Sync, the default roles in a ServiceNow instance that may be used to grant access to certain features, and some of the areas that we feel are most likely to require or benefit from customization if you choose to use them.
Alert Sync Roles
These roles are all provided with the Cookdown Connector App from the ServiceNow store.
Cookdown Connector User
This is essentially an administrative role for the Alert Sync product. It provides the user with access to configure the App, view support information and use the getting started guide. It also inherits the Incident Creation Rule User, and SCOM Alerts User to provide access to all of the functionality possible for a user to have.
Incident Creation Rule User
This role allows a ServiceNow user edit access to Creation Rules. This role should be given to anyone who may need to create or adjust the rules that create tasks/incidents from SCOM alerts. For more advanced features such as scripting and using configuration items in Rules this should be paired with the ITIL role.
SCOM Alerts User
This role allows a ServiceNow user edit access to the SCOM Alerts. This role should be given to anyone who may need to use the SCOM alerts that have come in. Normally this would be used in conjunction with the Incident Creation Rule User role, however this could be used on its own. For example if someone was looking to build or use reports from this table.
SCOM Sync Service
Provides all the internal roles required for the Service account to operate
Web Access Role
This role grants access to import SCOM alerts to the ServiceNow application and access to the Cookdown APIs. This is one of the roles granted to the Service account.
These roles are all provided with a default ServiceNow Instance.
This role in ServiceNow allows a user to perform basic operations on tasks. This role is not strictly speaking required for either the service account or for users looking to use Creation Rules in default ServiceNow instances. However both will be severely limited in capabilities without these.
It is typically used to provide access to Configuration Management Database (CMDB) Items (CIs), common task tables, and advanced features such as Post Processing and Advanced Creation Rules. You could replace this with another role linking in the required ACEs.
This role in ServiceNow allows the user to manage the 'Service Catalog' application, including catalog categories and items. For Alert Sync this is only of interest at the only role by default to be allowed to create Catalog Tasks other than Admin.
You could use this role to allow the service account to create and interact with Catalog Tasks, however we strongly recommend that you put in your own ACEs into your ACL to grant permission to access this table should you wish to use this feature. The Catalog Admin role is somewhat overkill for the Alert Sync requirements.
This is the ServiceNow administrator role. It has special access to all system features, functions and data. It is required to install/update the application and can be useful to the service account when performing troubleshooting actions.
It is also the only role to have access to the Task and Service Task tables by default. Should you wish to use these tables we strongly recommend that you put in new ACEs to your ACL to grant access to these tables.