Alert Sync Roles
Alert Sync ships with a number of roles that it uses internally. However, it does also require access to other sections of ServiceNow should you wish to make use of more complex functionality. In a heavily customized ServiceNow (or using heavily customized Advanced Creation Rules) you may need to add in your own Access Control Entries (ACEs) to your Access Control List (ACL). This article covers all of the roles that ship with Alert Sync, the default roles in a ServiceNow instance that may be used to grant access to certain features, and some of the areas that we feel are most likely to require or benefit from customization if you choose to use them.
Alert Sync Roles
These roles are all provided with the Cookdown Connector App from the ServiceNow store.
Cookdown Connector User
This is essentially an administrative role for the Alert Sync product. It provides the user with access to configure the App, view support information, and use the getting started guide. It also inherits the Incident Creation Rule User, and SCOM Alerts User to provide access to all of the functionality possible for a user to have.
SCOM Sync Service
Provides all the internal roles required for the Service account to operate
ServiceNow Roles
These roles are all provided with a default ServiceNow Instance.
ITIL
This role in ServiceNow allows a user to perform basic operations on tasks. This role is not strictly speaking required for either the service account or for users looking to use Creation Rules in default ServiceNow instances. However both will be severely limited in capabilities without these.
It is typically used to provide access to Configuration Management Database (CMDB) Items (CIs), common task tables, and advanced features such as Post Processing and Advanced Creation Rules. You could replace this with another role linking in the required ACEs.
Catalog Admin
This role in ServiceNow allows the user to manage the 'Service Catalog' application, including catalog categories and items. For Alert Sync this is only of interest at the only role by default to be allowed to create Catalog Tasks other than Admin.
You could use this role to allow the service account to create and interact with Catalog Tasks, however we strongly recommend that you put in your own ACEs into your ACL to grant permission to access this table should you wish to use this feature. The Catalog Admin role is somewhat overkill for the Alert Sync requirements.
Admin
This is the ServiceNow administrator role. It has special access to all system features, functions and data. It is required to install/update the application and can be useful to the service account when performing troubleshooting actions.
It is also the only role to have access to the Task and Service Task tables by default. Should you wish to use these tables we strongly recommend that you put in new ACEs to your ACL to grant access to these tables.