Read Only Admin override through UI action

Jeff Lanham
Tera Contributor

We are looking to provide a set of users the ability to troubleshoot with admin-level access but with read-only rights in the production / preproduction environments. We are looking for a solution to allow them to request read only admin; once enabled, we would like to have the user access a UI action to pull them out of read only admin. We are also planning on pulling anyone in read only admin out at the end of day.

Our thought is to:

  1. Create a group for Read Only Admins
  2. Create a Request Read Only Admin access Catalog request visible to only users in the Read Only Admin group.
  3. Create a UI action to remove Read Only Admin access
  4. Add scheduled job to pull any users out of Read Only Admin at xx:xx time local (End of Day)

Process

  1. Use the existing Access Request catalog item to grant them access to the Read Only Admin group, two levels of approval.
  2. User would use the Read Only Access Catalog Item to request to be elevated to Read Only Admin – on approval, then automatically assign Read Only to the user.
  3. When user is done, user selects "Remove Read Only" UI action to pull them out of Read Only

Now the question: Any thoughts on how to create a UI action that isn’t blocked by the read only role?

1 ACCEPTED SOLUTION

Ankur Bawiskar
Tera Patron

@Jeff Lanham 

Why allow them to click the UI action? If they don't click, they will still have the role till the job runs.

Why not ask for how many days or hours it's required on catalog form?

Simply remove that read-only admin role after that duration from your flow and no scheduled job required?

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
✨ Certified Technical Architect  ||  ✨ 9x ServiceNow MVP  ||  ✨ ServiceNow Community Leader
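
The duration-based removal suggested in this answer, combined with the end-of-day cutoff from the question, sketched as an added example that is not from the thread and is not ServiceNow API code. It is a plain JavaScript model of the expiry logic; the function names, the 8-hour cap and the 18:00 cutoff are assumptions (the thread only says "xx:xx").

```javascript
// Added illustration: plain JavaScript model, not ServiceNow API code.
// MAX_HOURS and END_OF_DAY_HOUR are assumed policy values.
const MAX_HOURS = 8;
const END_OF_DAY_HOUR = 18; // local-time cutoff (assumed)

// Expiry = approval time + requested hours, capped by MAX_HOURS and by end of day.
function computeExpiry(approvedAt, requestedHours) {
  if (!Number.isFinite(requestedHours) || requestedHours <= 0) {
    throw new RangeError('requestedHours must be a positive number');
  }
  const hours = Math.min(requestedHours, MAX_HOURS);
  const byDuration = new Date(approvedAt.getTime() + hours * 3600 * 1000);
  const endOfDay = new Date(approvedAt);
  endOfDay.setHours(END_OF_DAY_HOUR, 0, 0, 0);
  // Approved after today's cutoff: the next day's cutoff applies.
  if (endOfDay <= approvedAt) endOfDay.setDate(endOfDay.getDate() + 1);
  return byDuration < endOfDay ? byDuration : endOfDay;
}

// Record a grant; the approval flow would store expiresAt next to the membership.
function grant(user, approvedAt, requestedHours) {
  return { user, approvedAt, expiresAt: computeExpiry(approvedAt, requestedHours) };
}

// Split grants into still-active and due-for-removal at time `now`.
function sweep(grants, now) {
  const active = [], revoked = [];
  for (const g of grants) (g.expiresAt <= now ? revoked : active).push(g);
  return { active, revoked };
}

// Constructed sample data (local time, 15 Jan 2024).
const grants = [
  grant('alice', new Date(2024, 0, 15, 9, 0), 2),    // expires 11:00
  grant('bob',   new Date(2024, 0, 15, 16, 30), 4),  // capped at 18:00 cutoff
  grant('carol', new Date(2024, 0, 15, 8, 0), 24),   // capped to 8h, expires 16:00
];
const result = sweep(grants, new Date(2024, 0, 15, 17, 0));
console.log('revoke:', result.revoked.map(g => g.user),
            'keep:', result.active.map(g => g.user));
```

Storing the expiry with the grant means the user never needs a write-capable action to leave the role; removal happens on the timer whether or not they act.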


Community Alums
Not applicable

Hi @Jeff Lanham ,

You can create a client script which checks if the current user has the "admin" role. If not, the UI action won't be visible to them.

Something like below:

    if (current.user.roles.contains('admin')) {
        return true;
    }
    return false;

 
