
Help Required in getting Security Management user details

GaneshErike
Tera Expert

Hi,

 

Generally, user details are stored in the sys_user table.

Where can we find security management user details?

Are users who are in security-related assignment groups security management users?

 

Your suggestions will help me a lot.

 

Thanks.

2 REPLIES

shun6
Giga Sage

Hi @GaneshErike,

User info is stored in the sys_user table or a sys_user extended table, e.g., the Contact table of the CSM Module.

What kind of data do you want to get?

Thanks. 

Łukasz Rybicki
Giga Guru

Answer Analysis

  • Assumptions & Limitations: We assumed Security Management users are those with OOTB roles (security_admin, sn_incident_admin, sn_vuln_admin) or in groups whose names contain “Security.” In some instances, custom roles/groups or scoped plugin tables may also apply.

  • Potential Errors: Group naming conventions vary; inherited roles (sys_user_has_role.inherited) aren’t explicitly handled. If your instance uses custom plugin roles (e.g. sn_sec_ops_admin), they must be added to the role list.

  • Areas for Improvement: Automate deduplication of users across roles/groups, handle inherited roles, or build a UI action to display results.


Final Solution

Name of Problem: Locating Security Management Users

General proposal (≤100 words):
Use OOTB tables—sys_user_has_role and sys_user_grmember—to list all users with key Security Operations roles and membership in groups named “Security…”. No custom tables or heavy scripting required; simple GlideRecord queries suffice. 😊

Detailed step-by-step solution (≤250 words):

  1. Identify Security Roles

    • Navigate to User Administration > Roles, note roles like security_admin, sn_incident_admin, sn_vuln_admin.

  2. Query Users by Role

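    // OOTB Security Operations roles noted in step 1
    var roles = ['security_admin', 'sn_incident_admin', 'sn_vuln_admin'];
    roles.forEach(function (r) {
      var gr = new GlideRecord('sys_user_has_role');
      gr.addQuery('role.name', r); // dot-walk to the role's name
      gr.query();
      while (gr.next()) {
        // Display value of the user reference (the user's name by default)
        gs.info('Role ' + r + ': ' + gr.user.getDisplayValue());
      }
    });

  3. Identify Security Groups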

    • Go to User Administration > Groups, filter NameLIKESecurity.

  4. Query Users by Group

    var gm = new GlideRecord('sys_user_grmember');
    // Membership rows for groups whose name contains "Security"
    gm.addQuery('group.name', 'CONTAINS', 'Security');
    gm.query();
    while (gm.next()) {
      gs.info('GroupMember: ' + gm.user.getDisplayValue());
    }

  5. Combine & Export Results

    • Run both scripts in Scripts – Background, export logs or build a report on sys_user using the collected sys_ids; dedupe those IDs.

Simple test:
Impersonate a known Security Management user and run the above scripts in Scripts – Background; verify their names appear in the system logs.

Example solution (≤100 words):
Create a Script Include named ListSecurityUsers in Global scope. When invoked by a SecOps Admin, it returns a JSON array of user names and roles/groups for instant auditing in the Security Incident Response module. 🚀

Please mark this as the correct answer if it solves your problem! 😊


Sources

  1. ServiceNow Documentation: Role definitions: security_admin, sn_incident_admin, sn_vuln_admin, docs.servicenow.com — outlines Security Operations roles and permissions.

  2. ServiceNow Community: Understanding sys_user_has_role relationships, community.servicenow.com — explains how sys_user_has_role links users to roles.

  3. Original question context: Help Required in getting Security Management user details, community.servicenow.com — describes the need to locate Security Management users.
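An added example, not part of the answer above and not ServiceNow code: one way to do the deduplication and inherited-role handling that the answer lists under "Areas for Improvement", applied to rows already collected from sys_user_has_role and sys_user_grmember. The row shape (`user`, `user_name`, `role`, `inherited`, `group`), the function name and the sample data are assumptions made for this example.

```javascript
// Added example. Rows mimic exports of sys_user_has_role and sys_user_grmember;
// the row shape and every sys_id and name below are constructed sample data.
const SECURITY_ROLES = ['security_admin', 'sn_incident_admin', 'sn_vuln_admin'];

function mergeSecurityUsers(roleRows, groupRows, roles = SECURITY_ROLES, groupKeyword = 'Security') {
  const users = new Map(); // keyed by user sys_id so each user appears once
  const entry = (id, name) => {
    if (!users.has(id)) users.set(id, { sys_id: id, name, roles: {}, groups: [] });
    return users.get(id);
  };
  for (const r of roleRows) {
    if (!roles.includes(r.role)) continue; // not a role under review
    const u = entry(r.user, r.user_name);
    // A direct grant outranks an inherited one when both rows exist.
    const inherited = String(r.inherited) === 'true';
    if (u.roles[r.role] !== 'direct') u.roles[r.role] = inherited ? 'inherited' : 'direct';
  }
  // Case-insensitive substring match on the group name (a choice of this example).
  const kw = groupKeyword.toLowerCase();
  for (const g of groupRows) {
    if (!g.group.toLowerCase().includes(kw)) continue;
    const u = entry(g.user, g.user_name);
    if (!u.groups.includes(g.group)) u.groups.push(g.group);
  }
  return [...users.values()].sort((a, b) => a.name.localeCompare(b.name));
}

// Constructed sample rows
const sampleRoleRows = [
  { user: 'u1', user_name: 'Alice Analyst', role: 'sn_incident_admin', inherited: 'true' },
  { user: 'u1', user_name: 'Alice Analyst', role: 'sn_incident_admin', inherited: 'false' },
  { user: 'u2', user_name: 'Bob Builder', role: 'itil', inherited: 'false' },
  { user: 'u3', user_name: 'Carol Vuln', role: 'sn_vuln_admin', inherited: 'true' },
];
const sampleGroupRows = [
  { user: 'u1', user_name: 'Alice Analyst', group: 'Security Incident Assignment' },
  { user: 'u2', user_name: 'Bob Builder', group: 'Network Security' },
  { user: 'u2', user_name: 'Bob Builder', group: 'Service Desk' },
];

console.log(JSON.stringify(mergeSecurityUsers(sampleRoleRows, sampleGroupRows), null, 2));
```

Users who hold a listed role only through inheritance are reported as `inherited`, which points the reviewer at the group or parent role that grants it rather than at a direct assignment.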