| Role | Description |
|---|---|
| admin | The administrator role. This role has special access to all system features, functions, and data because administrators can override ACL rules and pass all role checks. Consider these implications when using admin overrides on ACLs. If you have sensitive information, such as HR records, that you need to protect, you must create a custom admin role for that area and train a person authorized to see those records to act as the administrator. Also note the Special Administrative Roles. |
| agent_admin | Can manage MID Server-related scripts. |
| ais_admin | Can query, create, update, and delete indexing and search settings and log messages through the AI Search application. |
| approval_admin | Can approve or reject approvals. |
| approver_user | Can modify requests for approval routed to them. They also have all capabilities of Requesters. Note: There is a fee associated with this role. Do not assign it to users without confirming your organization has the appropriate entitlement. |
| assignment_rule_admin | Can manage Assignment Rules. |
| asset | Can manage hardware and software assets. |
| business_process_admin | Can create, read, update, and delete (CRUD) all records and their relationships in the business process. This role is assigned to users who are administrators and have thorough information and training on business processes. In the context of Governance, Risk, and Compliance (GRC), users with the sn_grc.admin role who manage GRC applications and their setup automatically gain access to this role. This access enables the GRC administrators to administer business process and its records similar to other GRC tables. |
| business_process_manager | Can create, read and update any business process and manage the relationship of business process with other records. This role is assigned to business process managers who are usually specialists and manage multiple business processes in the organisation. Such users generally work with other employees and are experts around business processes. In the context of GRC, users with the sn_grc.manager role automatically inherit this role that enables them to manage the business processes for the entire organization. |
| business_process_user | Can update the business processes that a user owns and can also read any business process. This role must be assigned to the respective process owners who manage the business process that they own. This role can also be provided to users who are required to view the business processes in the organization and understand them better. In the context of GRC, users with the sn_risk.user role are automatically assigned this role as this role enables them to manage the business processes they own as well as read all business processes. |
| catalog | Has access to service catalog requests. |
| catalog_admin | Can manage the Service Catalog application, including catalog categories and items. |
| catalog_editor | Can create, modify, and publish items within categories they are assigned to. |
| catalog_item_designer | Can view the status of their category requests. |
| catalog_manager | Can view and assign catalog editors to their categories. Can also create, modify, and publish items within their categories. |
| category_manager | Can create, edit, and delete model categories. |
| cmdb_read | Can read any CMDB table. Contained in admin and itil. |
| communication_manager | Manages communication for major incidents and is responsible for communicating with all stakeholders. |
| contract_manager | Can create, edit, and delete contracts through the Contract Management application. |
| data_classification_admin | Administers all aspects of the Data Classification application, data classification code setup and assignment, |
| data_classification_auditor | Audits Data Classification code assignments. |
| ecmdb_admin | Can administer the CMDB. |
| filter_admin | Can manage filters. |
| filter_global | Can create global filters. |
| filter_group | Can create filters that belong to groups of which the user is a member. |
| gauge_maker | Can create gauges from reports. Starting with Helsinki, reports are no longer made into gauges. |
| guided_tour_admin | Can manage and administer Guided Tour functionality. |
| image_admin | Can manage image files on the Images [db_image] table. |
| impersonator | Can impersonate users. Does not allow impersonation of admin users. |
| import_admin | Can manage all aspects of import sets and imports. |
| import_scheduler | Can schedule imports. Warning: Grant this role carefully. The import_scheduler role is equivalent to giving the user the admin role, because the import_scheduler has the ability to execute scripts with administrator level privileges. |
| import_set_loader | Can load import sets. |
| import_transformer | Can manage import set transform maps and run transforms. |
| incident_manager | Manages Incident properties and Major Incident trigger rules. |
| inventory_admin | Can create and delete stock information. Only users with the inventory_admin role can edit stock rules, stockrooms, and stockroom types. |
| inventory_user | Has access to stock information. Can create and manage transfer orders. |
| itil | Can perform standard actions for an ITIL helpdesk technician. Can open, update, close incidents, problems, changes, configuration management items. By default, only users with the itil role can have tasks assigned to them. |
| itil_admin | Possesses more privileges than the itil role and is intended for team leads. This role has the ability to delete incidents, problems, changes, and other related entities when both the itil and itil_admin roles are assigned. |
| knowledge | Can create, edit, and review knowledge base articles. |
| knowledge_admin | Can manage the knowledge base. |
| list_updater | Can use Update Entire List and Update Selected menu options on lists. |
| maint | Reserved for ServiceNow use. |
| mid_server | Role that any MID server user should be granted. This role gives the MID server access to the tables it ordinarily uses. |
| model_manager | Can create new CMDB models. Model manager can control the base models and any model extensions that are not software or consumables. Consumable models are controlled by the asset manager role (asset). Software models are control by the software asset manager role (sam). |
| major_incident_manager | Initiates the major incident process by assessing and approving major incident candidates or creating a major incident. Maintains the ownership and accountability for the lifecycle of the incident. Identifies the users and groups to be involved in the resolution activities and sets up communication channels. |
| nobody | The nobody role means that no user has access - not even admin or maint. Use the nobody role carefully. The nobody role takes precedence over the admin override option on ACLs, so even admins cannot have access. See Create an ACL rule. Do not assign it to specific users. You can use this role in ACLs that control access to resources, such as UI pages, processors, script includes, and records. Warning: Applying the nobody role may be irreversible if applied to some important system functions. |
| personalize | Can configure forms, lists, rules, controls, scripts. |
| personalize_choices | Can configure choices and predefined responses for non-journal fields designated as choice or suggestion fields. |
| personalize_control | Can configure controls on lists, such as filters, links, and buttons. |
| personalize_dictionary | Can configure dictionary entries and labels. |
| personalize_form | Can configure forms. |
| personalize_list | Can configure lists and list calculations. |
| personalize_responses | Can configure predefined responses for journal fields designated as suggestion fields. |
| personalize_rules | Can configure business rules and scripts. This role contains the following specialized roles for granting selective, administrative access to rules and scripts: business_rule_admin client_script_admin ui_policy_admin ui_action_admin |
| personalize_styles | Can configure field styles. |
| personalize_ui | Can configure forms and lists. |
| public | No login is required to access features or functions with the public role. |
| release_admin | Can edit Release history for a release. |
| report_admin | Can manage reports. |
| report_global | Can create global reports. |
| report_group | Can create reports and share reports with groups that the user is a member of. Users with this role can edit reports shared by other users in the group. |
| report_publisher | Can make reports available on a public page. |
| report_scheduler | Can schedule a report to be emailed. |
| script_fix_admin | Can create and manage fix scripts but cannot run fix scripts. |
| search_application_admin | Can query, create, update, and delete records on search UX-related tables. Contains the ais_admin role. |
| sn_appclient.app_client_company_installer | Can install applications containing the same company as the currently logged in instance.User role that allows for first time installation of only those applications for the company associated with the currently logged in instance. A user with this role cannot install an application for another company. |
| sn_appclient.app_client_user | Can install applications containing the same company as the currently logged in instance. |
| sn_cmdb_admin | Provides full access to CMDB data, tools, and UIs. A CMDB Admin, for example, sets policies in the CI Class Manager and application service requirements. CMDB Admin provides the highest level of access to the CMDB. |
| sn_cmdb_editor | Provides access to CMDB records. A CMDB Editor is not allowed to change policies such as in the CMDB Data Manager or in the CI Class Manager. |
| sn_cmdb_user | Provides read-only access to CMDB data and to basic UIs such as CMDB reports and dashboards. |
| soap | Can query, create, update, and delete records on all tables, as well as execute scripts. |
| soap_create | Can create records on all tables and columns. |
| soap_delete | Can delete records on all tables and columns. |
| soap_ecc | Can query, create, and update on the ECC Queue table only. |
| soap_query | Can query records on all tables and columns. |
| soap_query_update | Can query and update records on all tables and columns. |
| soap_script | Can execute business rule endpoint function via script.do. |
| soap_update | Can update records on all tables and columns. |
| survey_admin | Can manage survey masters, questions, and instances. Contains the assessment_admin role. |
| survey_reader | Can read survey instances and responses. |
| task_editor | Can edit protected task fields. |
| template_editor | Can create templates for personal use, and modify or delete personal templates. Included in the itil role in the base system. |
| template_editor_global | Can create templates for global use. |
| template_editor_group | Can create templates for groups. |
| template_scheduler | Can schedule template-based record creation. |
| text_search_admin | Can customize Global Text Search groups and tables. |
| timecard_admin | Can approve, modify, and delete the time cards of other users. |
| ts_admin | Can administer Zing text indexing and search engine. |
| unlimited_createnow | Role for CreateNow unlimited licensed users. |
| upgrade_app | Can upgrade installed applications containing the same company as the currently logged in instance. Cannot perform first time installations of applications published to the Application Client page. |
| user | Available for customer use, has no function in the base system. |
| user_admin | Can administer users, groups, locations, and companies. |
| view_changer | Can switch active views. |
| workflow_admin | Can create, edit, publish or delete graphical workflows. |
| workflow_creator | Can create new graphical workflows. |
| workflow_publisher | Can publish graphical workflows. |
Comments
Thank you for sharing wonderful information with us to get some idea about that content
ReplyDeleteServiceNow Online Training in Hyderabad
ServiceNow Developer Training
Thank you Bhanu.
Delete