Hi everyone,
I’m a fresher currently practicing ServiceNow labs around role-based access, and I’ve run into a few questions that I’d love to get some guidance on:
Inherited vs. Direct Roles
If a user is assigned a role directly and also inherits the same role through a group, how does ServiceNow handle that?
Do inherited roles ever override direct assignments, or are they simply cumulative?
Impersonator Role Assignment
What’s the practical difference between assigning the impersonator role directly to a user versus granting it through a group?
Are there best practices for managing impersonation rights, especially in sensitive HR applications?
Auditing Sensitive Roles
What’s the recommended way to audit which users have sensitive roles like sn_hr_core.admin across the instance?
Is there a standard report or script that admins use to quickly identify these users/groups for compliance?
Thanks a lot in advance!
— Talha
