Activating /deactivating roles versus assigning roles

cherylkirkn
Tera Contributor

‎12-14-2024 11:16 AM

Want to activate Problem Management. Typically I'd activate the roles, assign them to groups, assign the users to those groups like problem coordinator, etc. In this particular installation, they want to allow all itil users the ability to do everything but problem management administration functions. 

 

One developer says to deactivate the roles and add the itil role to the various menus and functions. To me this sounds like it might raise potential problems. 

 

If you deactivate a role, what happens? Doesn't the role have the capabilities tied to it? When you upgrade, couldn't there be issues? Right now it seems to work. 

 

 

0 Helpfuls
  • 655 Views
3 REPLIES 3

Uncle Rob
Kilo Patron

‎12-14-2024 04:19 PM

There's this thing (things?) called the ITSM Roles Plugin(s).  It basically allows you to make the more granular roles for the ITIL modules.  I'm not sure if its one plugin to install all of them, or one plugin for each major process area.
https://www.servicenow.com/docs/bundle/xanadu-it-service-management/page/product/problem-management/...

0 Helpfuls

Anand Kumar P
Giga Patron
Giga Patron

‎12-14-2024 07:00 PM - edited ‎12-14-2024 07:05 PM

Hi @cherylkirkn ,

 

Deactivating roles in ServiceNow is not recommended because it can break functionality tied to those roles, such as ACLs, UI actions, or scripts. During upgrades, deactivated roles remain skipped causing conflicts and unpredictable behavior. This often requires extensive testing and manual fixes.

 

Add the problem manager as child roles to the itil role, problem coordinator already inherited in itil roles as child role . This gives all ITIL users Problem Management access.

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1113077

If my response helped, please mark it as the accepted solution and give a thumbs up👍.
Thanks,
Anand

0 Helpfuls

Ravi Chandra_K
Kilo Patron
Kilo Patron

‎12-14-2024 09:48 PM

Hello @cherylkirkn 

not a good idea to deactivate OOB roles., as Anand mentioned, this would be breaking OOB ACLs, BRs (if any associated with those roles.

 

If your requirement is to have ITIL users not to work on Problem management, remove the Problem related roles form ITIL role

and only give Problem related roles to groups that should access. You would still need to access OOB modules and ACLs to check the impact of doing this....

Please mark the answer as helpful and correct if helped. 

Kind Regards,

Ravi Chandra  

0 Helpfuls