Grant non admin developers limited application and update set access

It used to be problematic to give limited access to citizen developers (or other BA’s) from other teams. There wasn’t an easy way to limit access to change specific scripts or specific workflows, because everything used to be in a global scope or under a custom scoped application. Users would get access to everything or none, unless you wanted to spend a lot of time building heavy custom ACL’s.

This issue was solved by ServiceNow with Delegated Development. Now it is a good practice build everything under scoped applications, for example new features come out in their own application scope (Agent workspace, GRC, Change management, Spoke applications).

1) Go to sys_store_app.list where you can see all available applications. Select the application.

2) Under related links click on “Manage developers”.

3) Choose a user and select limited access to only what they need from this application by application file type: script, workflow, service portal, update set access etc.

4) Now user will have access to application and update set pickers after they enable it from their developer settings. Also, whenever he will open any application file type, the filter with his allowed applications will be automatically set. Other files will be hidden under ACL restrictions.

Note: to enable configuration of update set rights you have to set up com.snc.dd.manage_update_set_enabled system property to true first. Users will have access to update set module and they will be able to choose update sets from there. To enable update set picker access set up glide.ui.update_set_picker.role property with the application role name.

Not limited to development activities, this could be used to grant access to users to modify their own catalog items without having access to full catalog.

Also, there is a simple way to change the scope programmatically:

$http({
method: 'PUT',
url: '/api/now/ui/concoursepicker/application',
headers: {
  'Content-Type': 'application/json',
  'Cookie' : document.cookie
},
data: { app_id: sys_id_of_application }
});