Managing cross-application scope

Edit online

To enable communication between applications in ServiceNow, the administrator must explicitly enable that communication pathway. You enable this communication by declaring Cross-Application Scope, which defines the following conditions:

  • Source Scope: The application that requests the communication pathway.

  • Target Scope: The scope of the requested communication. For example, Global or Change Mgmnt.

  • Target Name: The table that the Source wants to access.

  • Operation: The type of access the Source requests. For example, Read, Write, or Create.

  • Status: Whether the cross-application scope is allowed or not. For example, Allowed or Requested.

By default, when you install Turbonomic Actions, it defines scoped permission for various tables. This definition enables communication in the most common cases. In particular, the installation enables Global Read for the CI Matching tables. For more information about CI Matching tables, see CI Matching Details for Virtual Machines.

For example, assume the cmdb_ci_vm_instance CI Matching table exists. The default installation defines the following conditions:

  • Source Scope: Turbonomic Actions

  • Target Scope: Global

  • Target Name: cmdb_ci_vm_instance

  • Operation: Read

  • Status: Allowed

If you changed scope definitions, or if you changed the CI Matching to use different tables, you must be sure the cross-application scope is defined to support your changes. If the scopes are not properly defined, ServiceNow might post errors as a CR makes its state transitions.

Some common causes of this problem include:

  • You changed the CI Matching table to use for a class of VMs.

    For example, you might change the CI Matching Table for AWS VMs from cmdb_ci_vm_instance to cmdb_ci_server. The scope record for this table might not be set to Global, or the record might not exist at all.

  • You added a scope record for a table that Turbonomic Actions already uses.

    For example, you added a scope record for change_request, and gave it a scope of Change Mgmnt instead of Global. ServiceNow uses the more conservative setting from the record that you added so CR transitions for Turbonomic Actions throw an error.

  • You changed the definition for an existing target.

    For example, you changed the Status for change_request.read from Allowed to a lower setting.

Assume that you changed the Status for change_request.read to something other than Allowed. In that case, you might see an error similar to:

ScopeAccessNotGrantedException: read access to change_request not granted

The error message identifies the operation that fails (read), and the target name (change_request). This information identifies which scope record you need to change.

To find the record, navigate in ServiceNow to System Applications / Application Cross-Scope Access. This view displays the Cross scope privileges screen. Look for an existing record with the following conditions:

  • Source Scope = Turbonomic Actions

  • Target Scope = Global

  • Target Name = change_request

  • Operation = Read

  • Status = Some value other than Allowed

To fix the issue, change the Status to Allowed.

If you cannot find the appropriate record, then you must create a new one. In Cross scope privileges, click New, and create the new record with the appropriate values.