Can admin view all the applications and modules some of the applications are restricted through role

service buzz
Tera Contributor

‎05-06-2020 02:04 AM

Dear All,

 

Can admins view all the applications and modules though the application is restricted to a custom role which doesn't inherit any roles ?

we did not give the admins the custom role but still he is able to view the  application.

What could be the reason?

 

Thanks,

servicebuzz

Labels:
0 Helpfuls
  • 1,217 Views
9 REPLIES 9

Jaspal Singh
Mega Patron
Mega Patron
In response to service buzz

‎05-06-2020 05:52 AM

Even if there exists any we may not have that option. As I understand there wouldn't be any platform that will not exclude admins from all scenarios.

 As its Admins who needs to have privilege to everything so as to modify & make things work.

service buzz
Tera Contributor
In response to Jaspal Singh

‎05-06-2020 11:20 PM

Thank you for the response

0 Helpfuls

Ankur Bawiskar
Tera Patron
Tera Patron
In response to service buzz

‎05-06-2020 11:32 PM

Hi,

Glad to hear that response helped. Please remember to mark appropriate reply as "helpful" or being the "correct answer".

Regards
Ankur

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader
0 Helpfuls

Swapnil Soni1
Giga Guru

‎05-06-2020 11:48 PM

Hi,

Administrators can manage developers by specifying which users and groups have access to application content.
Sample developer permissions
 

 

Several things that you will need to setup:

  • When creating a new app a user role is automatically created, you will need to create an additional admin role and associate all the advanced capabilities like delete ACLs, etc to this admin role versus the user role.
  • In ACLs there is an "admin overrides" attribute.  This will need to be set to false for all ACLs in your custom application.  This will ensure that normal admin's don't override this ACL and they gain CRUD (create, read, update/write, and delete) access
  • Make sure the navigation menu items are associated to your user/admin role so they don't see it in the application navigator
  • Admin's obviously have to elevate their privileges to security_admin to modify ACLs, make sure you log when users do that so you have traceability
  • Through process I would advise that admins be general users in your production instance and create a request process to gain admin role/activate their admin user only when needed

 

Please mark correct or helpful if this helps.

Thanks

Swapnil

 

 

 

 

Luuk
Tera Contributor

‎05-06-2020 11:51 PM

The only exception (i can think of) is the security_admin role. This isn't automaticly assigned to the admin role but needs to be manually toggled. by clicking on elevate roles as shown below.

find_real_file.png

Preview file
11 KB
0 Helpfuls