Create a New Elevated Role for Asset Admin

Go to solution
Steven Young
Tera Guru

‎06-26-2017 09:38 AM

Hey Folks,

we have a need(desire) to create a new role that requires our Asset Manager to elevate his role in order to delete/edit certain records..

I created a new Role,   made it an elevated role.

Applied the role to the Asset managers Group.

i tried applying the role directly to the person.

every time he clicks on his name, there is no "Elevate Roles" option.

We really want him to have his "normal" roles,   but then when he elevates, we log what he does as elevated.

I know there is a lot of OOB stuff for Admin and security_admin.

Is there a way to have a NON-Admin user, elevate roles?

0 Helpfuls
  • 2,656 Views
1 ACCEPTED SOLUTION

Go to solution
manish_sn
ServiceNow Employee
ServiceNow Employee

‎07-13-2017 01:23 PM

Hi Steven ,



Please refer : Force administrators to manually elevate



This property is available to force all users with the administrator role to manually select the role that they want to elevate to.



If you want to allow Non-Admin roles , please update the value = false .



If this property is not your in instance , Please create and update the value = false , followed by cleaning of cache and re-login .



Regards


Manish


View solution in original post

0 Helpfuls
8 REPLIES 8

Go to solution
manish_sn
ServiceNow Employee
ServiceNow Employee

‎07-13-2017 01:23 PM

Hi Steven ,



Please refer : Force administrators to manually elevate



This property is available to force all users with the administrator role to manually select the role that they want to elevate to.



If you want to allow Non-Admin roles , please update the value = false .



If this property is not your in instance , Please create and update the value = false , followed by cleaning of cache and re-login .



Regards


Manish


0 Helpfuls

Go to solution
Steven Young
Tera Guru
In response to manish_sn

‎07-17-2017 06:27 AM

SN Engineers got me the answer to my question.     the same day as you responded to this question.
Thank you for the answer as i did read this documentation listed, but it's not clear because it does not mention anything about non admin's elevating.



But Yes, i did add the property     glide.security.strict_elevate_privilege


Set Value:   False



and it does in fact allow standard users to elevate without having the security admin role.



the Explanation.



Our instance is an UPGRADED instance which did not have the property.


New OOB Istanbul+ instanced have this property by default.




Hope this helps.


0 Helpfuls

Go to solution
Cameron Manzi
Tera Contributor

‎03-19-2024 09:42 AM

I know this is old...but, in my scenario I created an elevated role that contains the admin role. The user in question can elevate to this role but, they do still have admin access to things without having to elevate. Is that expected behavior? I'm trying to make an "admin" role that requires elevation without modifying the existing OOTB admin role. 

Preview file
49 KB
0 Helpfuls

Go to solution
Steven Young
Tera Guru
In response to Cameron Manzi

‎03-19-2024 10:52 AM

admin is NOT an elevated role.  if you have admin, you have admin.
you cannot create an "admin" elevated role.

you would need to create some type of sub_admin role and create acl's for everything you wish this role to have access to

0 Helpfuls