How to allow a manager to add/remove members from their group in ServiceNow?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago
I have a requirement where the manager of a group should be able to manage the membership of their own group in ServiceNow. Specifically:
- The manager should be able to add new users to the group.
- The manager should be able to remove existing members from the group.
Currently, group membership is controlled by admins, but we want to delegate this responsibility to the group manager without giving them full admin rights.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago
Hi @anjalikhara !!
This can be achieved without giving admin access by using the Group Manager field + ACLs.
1) Set the Group Manager
On the Group (sys_user_group) record, populate the Manager field with the user who should manage the group.
2) Create a Custom Role (Optional but Recommended)
Create a role such as:
group_manager
Assign this role to users who should manage group membership.
3)Add ACLs on Group Membership (sys_user_grmember)
Create ACLs for read / insert / delete on sys_user_grmember.
ACL Script Example:
(function () {
var grp = new GlideRecord('sys_user_group');
if (grp.get(current.group)) {
return grp.manager == gs.getUserID();
}
return false;
})();This ensures:
Managers can add/remove users
Only for groups they manage
4) Read Access to Group Record
Ensure the manager has read access to sys_user_group where:
Mark it helpful if this helps you to understand. Accept solution if this give you the answer you're looking for.
Thank You
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago
The issue is that the Edit button on the Group form is controlled by write access on sys_user_group, not by ACLs on sys_user_grmember.
To allow a group manager to add or remove members without admin access:
Populate the Manager field on the Group (sys_user_group).
Create a Write ACL on sys_user_group with a script condition like:
current.manager == gs.getUserID();3. Create Insert/Delete ACLs on sys_user_grmember to allow membership changes only for the groups they manage.
This enables the Edit button for the group manager and allows them to add or remove users only for their own groups, without granting admin rights.
Mark this as Helpful if it clarifies the issue.
Accept the solution if this answers your question.
Regards,
Vaishnavi
Associate Technical Consultant
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago
Hi @Angel k !!
If my solution helps you then mark it as helpful and accept as solution.
Regards,
Vaishnavi
Associate Technical Consultant
