Groups and Roles
As we learned in the last chapter, it's nearly always best practice to assign roles to groups, and then add users to those groups; never to add roles directly to users. This makes role management much, much easier.
Roles
in ServiceNow, correspond to specific permissions. They grant access to modules within the platform, and rights to perform certain actions. Some roles, such as the admin role, grant special permissions, such as the ability to modify system records, policies, and scripts. In high security instances, there is an even higher-permissions role, called security_admin
. This role grants the ability to modify security rules and run background scripts.
Roles are stored in the Roles[sys_user_role]
table, and can be found in the application navigator, under User Administration
| Roles
. Roles are fairly simple records on their own, in that they consist primarily of a name and description. Some roles require elevation, if they have the Elevated Privilege
tick-box checked...