Difference between Locked Out users and Inactive Users

Go to solution
devd1
Kilo Contributor

‎04-20-2017 04:46 AM

Hi All,

I am very new for SNOW Tool. Could you please help me to get the difference between Locked Out users and Inactive Users. Thanks in Adv...

  • 10,032 Views
1 ACCEPTED SOLUTION

Go to solution
Chuck Tomasi
Tera Patron

‎04-20-2017 06:20 AM

Hi Devendra,



Locked out means they cannot login but are in the system as a current user (e.g. existing employee who tried the wrong password too many times.)



Inactive means they are no longer with the organization (e.g. active=true is a handy way to filter out ex-employees.)


View solution in original post

12 REPLIES 12

Go to solution
Aric3
Giga Expert
In response to Zod

‎08-25-2017 05:02 AM

Hi vemffm,



Inactive users (active=false) are hidden in most cases via the platform UI; Please check the out-of-box business rule "user_query" which adds an active query condition to interactive sessions if the logged in user does not have the admin role. This before query rule will effectively hide inactive users from being selected in reference fields like incident caller or task assigned to.



Regards,


Aric


Go to solution
Zod
Giga Guru
In response to Aric3

‎08-25-2017 05:09 AM

Hi Aric,


the business rule is active ... nevertheless we can assign locked users to groups or open incidents for them ...


I checked in my developer instance and there it is the same ...


0 Helpfuls

Go to solution
Aric3
Giga Expert
In response to Zod

‎08-25-2017 05:29 AM

Hi vemffm,



The "user query" business rule will only affect users who are inactive. If you are looking to hide/filter locked out users, this is a separate attribute on the user record, thus would need additional logic to filter. You could make a copy of the existing "user query" business rule and update the script to add the additional query condition. Something like the following may accomplish this:



current.addQuery('locked_out', false);


** Please understand that the addition of a new before query business rule on sys_user may significantly impact out-of-box and custom applications. Please proceed with caution.



Regards,


Aric


Go to solution
Zod
Giga Guru
In response to Aric3

‎08-25-2017 07:15 AM

Hey Aric,


thnx for your help.



The issue was, that I did check with the admin account. And the business rule "user querey" explicitly checks if u are admin.


So all good ... thank you!


0 Helpfuls

Go to solution
Community Alums
Not applicable
In response to Chuck Tomasi

‎01-07-2023 03:07 AM

Hi @Chuck Tomasi ,

Its mention in service docs that the Locked Out users select box (TRUE) will terminate the user its not mentioned any where the user tried it many times wrong password then he/she will be locked out.
I think admin as has the authority to select the Locked Out check box true and terminate all the active session of that particular user.

Locked out : Select this check box to lock the user out of the instance and terminate all their active sessions. The system prevents users with the admin role from locking themselves out.

PF Link below of servicenow docs.
https://docs.servicenow.com/bundle/tokyo-platform-administration/page/administer/users-and-groups/ta...