Understanding user criteria for event types in Workforce Optimization for ITSM

  • Release version: Yokohama
  • Updated January 30, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Understanding user criteria for event types in Workforce Optimization for ITSM

    This documentation explains how to manage user access to various event types—such as meetings, training sessions, and time-off requests—within the team calendar of Workforce Optimization for IT Service Management (ITSM). It focuses on setting Create, Read, Update, and Delete (CRUD) permissions using inclusion and exclusion user criteria, allowing tailored access for users, groups, or roles.

    Show full answer Show less

    Key Features

    • Role-Based Default Access: By default, users have role-based access to manage event types, but team members do not have read access to events classified as Actual work.
    • User Criteria for CRUD Operations: You can define user criteria to grant or restrict CRUD permissions for event types beyond default role access, enabling fine-grained control.
    • Inclusion and Exclusion Logic: The system evaluates exclusion criteria first—if exclusion is true for a CRUD operation, access is denied regardless of other settings. If not excluded, inclusion criteria are checked, and users must meet at least one inclusion rule and have the appropriate role-based permission to perform the action.
    • Application Scope: Access settings can be applied to individual users, entire groups, or roles, providing flexibility for different organizational needs.

    How Access Evaluation Works

    The system processes user criteria in this order:

    1. Exclusion Criteria: If any exclusion criteria apply for a CRUD operation, the user is denied that access.
    2. Inclusion Criteria: If no exclusion applies, the system checks if the user meets any inclusion criteria. If yes, the user’s role-based permission is evaluated to confirm access.
    3. Fallback: If neither inclusion nor exclusion criteria are set, role-based permissions govern access.

    Note: Exclusion criteria always override inclusion criteria.

    Practical Usage

    • Create User Criteria: Define records specifying which users, groups, or roles can access specific event types, refining who can create, read, update, or delete those events.
    • Include or Exclude Access: Add or remove user access to event types to ensure users only see and manage events relevant to them.
    • Verify Permissions: Check the CRUD rights for groups or individual team members to confirm they have the correct permissions aligned with organizational policies and operational needs.

    Benefits for ServiceNow Customers

    By leveraging user criteria for event types in Workforce Optimization for ITSM, customers can enforce precise access control, improve security, and streamline calendar management for teams. This capability helps ensure that team members only interact with relevant event types and actions, reducing errors and enhancing operational efficiency.

    Manage user access for any event type such as meeting, training, and time-off requests in the team calendar.

    You can include or exclude Create, Read, Write or Update, and Delete (CRUD) rights for event types using the inclusion and exclusion user criteria access. You can perform the CRUD operations for users, groups, or roles.
    Note:
    By default:
    • Users have role-based access to manage event types.
    • Team members don’t have read-access to events of type Actual work.
    For additional flexibility around managing the CRUD access, you can set the user criteria for each event type. For example, if team members don't have access to edit their work shifts using their role-based access, you can set that access using user criteria. You can set this access for specific team members or for the whole group.

    The flow diagram shows the logic on how inclusion and exclusion user criteria access work for event types.Infographic that describes the user criteria access for event types flow. The text that describes the flow follows this infographic.

    How inclusion and exclusion user criteria access works
    When the user criteria rules get evaluated, it's done in the following order:
    1. The system first evaluates the exclusion access for each criteria.
      • If the exclusion access for a CRUD operation is set to true, then the system evaluates the user criteria.
        1. If the user doesn’t have access based on their role, then the user is denied access for the specific CRUD operation.
        2. If the user isn’t denied access, then the system evaluates the inclusion criteria.
      • If the exclusion access for a CRUD operation is set to false, then the system evaluates the inclusion criteria.
    2. For the inclusion access, for a specific CRUD operation such as Create, the system checks if at least one of the inclusion user criteria is set to true. If yes, then the system evaluates the user criteria based on the user's role access.
      • If the user:
        • Has access for the CRUD operation based on their user role, then the user can perform that action. For example, if the event type is training and the CRUD operation is Create then the user can create the training event types.
        • Doesn’t have access for the CRUD operation based on their user role, then the user can’t perform that action.
      • If at least one of the inclusion criteria isn’t set to true, the user doesn’t have access to the specific CRUD operation. In this example, the user can’t create the training event types.
    Note:
    The exclusion access always takes precedence over the inclusion access. If no inclusion or exclusion access is set, then the role-based access is used for managing event types.