How To Allow Group Manager To Add Other Users To Group?

JDX7913
Tera Guru

‎03-22-2021 04:44 PM

I have a group, and in that group, it contains a role for encryption (users in this group can view information such as SSN, Banking info, etc.). However, the manager of this group does not have the security admin role. 

It looks like for the manager to add new users to the group, and they would need to both have the security admin role and elevate their permissions.

Is there a way to get around this? I want the group manager to add whoever they see fit, but I don't want to grant them security admin role (that would open them up to edit ACLs, etc., which is not what I want.)

Is what I am requesting doable? If not, what are some workaround?

In case you are wondering how I set up my field-level encryption. I followed these steps:

find_real_file.png

Preview file
105 KB
0 Helpfuls
  • 1,807 Views
3 REPLIES 3

bammar
Kilo Sage
Kilo Sage

‎03-22-2021 05:39 PM

Do you have the groups showing as a related list under the User when you do a user lookup? If not, can you add it....

If so do these folks have the capability to click on an edit button when the see the groups related list under the user form? ..  if not list edit and add the managers role to be able to edit or click the add edit option, if not check acls there and allow them to add users.

I am 100 percent positive you dont have to give them security admin.

Another thing you can do is write a script they can use as a related link - COPY user groups- then have them click it provide a user to copy and do that. 

And yes because you role is nested in the group the person will get the group and all roles within. 

0 Helpfuls

JDX7913
Tera Guru
In response to bammar

‎03-23-2021 04:02 PM

So it looks like the problem was that the role was created within the scoped app, and because of that user could not assign it out. Creating that same role in the global scope allows the user to assign the group out.

Is there a way to get around this without creating that same role in the global scope?

0 Helpfuls

bammar
Kilo Sage
Kilo Sage

‎03-22-2021 05:41 PM

Also an article from one of the best with a solution

https://servicenowguru.com/system-definition/group-managers-manage-group-members/

I want to say I made my certain itil users- user_admins and thats how i did it but they are not admins in any other sense. 

0 Helpfuls