Groups and roles
As we learned in a previous chapter, it's nearly always best practice to assign roles to groups, and then add users to those groups. It is virtually never a good idea to add roles directly to users. Following this best-practice guideline makes role management much, much simpler and more manageable later on.
Roles in ServiceNow correspond to specific sets of permissions. They grant access to modules within the platform, rights to perform certain actions, and more. Some roles, such as the admin role, grant special permissions, such as the ability to modify system records, policies, and scripts. In high security instances (instances with the High Security Settings plugin enabled), there is an even higher-permissions role, called security_admin
. This role grants the ability to modify security rules (ACLs) and perform other security-related tasks.
Roles are stored in the Role [sys_user_role
] table, and can be found in the application navigator, under User Administration | Roles...