Making Admin role read only, not the whole instance

stable_yogi · ‎06-25-2023

Hello,

I am trying to provide admin-read-only access to some users in test instance.

here's what I tried:-
1. Create a Group called "ADMIN-Read Only".

2. Add the role "sn_read_only" role to the group.

3. Adding the user to the group.

But it made the whole instance read only for the user, despite the other roles he had, every single role became read only.

Is there any way to achieve it?

Ravi Chandra_K · ‎06-26-2023

Hi @stable_yogi

as per product docs, the read only role will make all tables read only even if user has access to those earlier.

you can modify the read only role properties from below system properties.

refer : https://docs.servicenow.com/bundle/utah-platform-administration/page/administer/user-administration/...

Please mark the answer as correct and hit thumbs up if it helped!!

Regards,

Ravi Chandra.

stable_yogi · ‎06-26-2023

This won't help the situation.

Let me explain more of what I want to achieve:-
Several users need admin role in a particular instance to test features requiring admin rights, for example, Flow designer testing. But, some of these users(developers) are sometimes making changes in that test instance it self which is causing trouble.

What I want is to give them Read only privileges for such things while keeping their actual roles intact.

Although, after reading the documentation I realized this isn't possible as admin role contains many roles and making it read only will kill the purpose(keeping actual roles of users intact).

Another solution which I thought of was, Creating a user named Test_Read_Only_User and giving it the admin role with snc_read_only. and providing the "Impersonator" role to the users who need the admin read only.

But, the catch there is that someone who isn't admin can't impersonate an admin even after having impersonator role.
Is there any work around for that??

PankhilP · yesterday

Did you solve this ?