We've updated the ServiceNow Community Code of Conduct, adding guidelines around AI usage, professionalism, and content violations. Read more

Is it possible to make particular roles from the Roles table only accessible to particular group

Megha_pB
Tera Contributor

‎01-26-2026 12:54 PM

Hi,

Is it possible to hide a particular role(example Role A) from role table for all users including admins. It should only be visible if the logged in user belongs to XYZ group.

I am trying thru ACL's but something is missing and the ACL is locking the whole roles table from users who are not part of the group. I only want the role (Role A) to be hidden from the list .

0 Helpfuls
  • 473 Views
6 REPLIES 6

Its_Azar
Kilo Sage

‎01-26-2026 01:11 PM

Hi there @Megha_pB

 

For this usecase i think ACL is not a good choice, u can go with a Before Query Business Rule on sys_user_role that filters out that role unless the user belongs to the required group.

 

(function executeRule(current, previous) {

  var ROLE_TO_HIDE = 'role_a'; // name of Role A
  var GROUP_ALLOWED = 'XYZ';   // name of the group

  // Allow users in XYZ group to see everything
  if (gs.getUser().isMemberOf(GROUP_ALLOWED)) {
    return;
  }

  // Hide only Role A for everyone else (including admins)
  current.addQuery('name', '!=', ROLE_TO_HIDE);

})();

 

here

 

Users not in XYZ → Role A is invisible

Users in XYZ → Role A is visible

Other roles → Not affected

Hope i got your use case right. 

 

☑️ If this helped, please mark it as Helpful or Accept Solution so others can find the answer too.

Kind Regards,
Azar
Serivenow Rising Star
Developer @ KPMG.

Megha_pB
Tera Contributor
In response to Its_Azar

‎01-26-2026 01:16 PM

Hi Azar,

Thank you for your response.

Can this also restrict admins? 

Can this also restrict someone to assign the role through flow designer or scripts?

 

Kind Regards,

Megha.

0 Helpfuls

Its_Azar
Kilo Sage
In response to Megha_pB

‎01-26-2026 01:27 PM

Hi @Megha_pB 

 

1) Restricting admins
Yes, the Before Query BR  will also restrict admins, unless you explicitly allow them. In the script I shared, admins are restricted as well unless they belong to the XYZ group.

2) Restricting role assignment via Flow Designer or scripts
No — a Before Query BR only affects UI visibility (lists and reference lookups). It does not prevent role assignment via flows, background scripts, or APIs.

if its needed.  Create ACL on sys_user_has_role that blocks assignment of Role A unless the user belongs to XYZ.

☑️ If this helped, please mark it as Helpful or Accept Solution so others can find the answer too.

Kind Regards,
Azar
Serivenow Rising Star
Developer @ KPMG.

Megha_pB
Tera Contributor
In response to Its_Azar

‎01-27-2026 12:20 AM

Hi Azar,

Yes, like I mentioned earlier I am trying via ACL. I have created a create ACL on sys_user_has_role table. But it is restricting the access to whole role table, instead of restricting only one record in the role table.

Maybe I am missing something, but unable to figure it out.

 

Kind regards,

Megha.

0 Helpfuls