Regarding Security Admin Role

Astik Thombare · ‎11-27-2023

Hi Community,

I'm a bit confused about who can grant the security_admin role in ServiceNow.

Do the user need to have both the admin and security_admin roles to grant access, or can they grant the security_admin role to another user with only the security_admin role?

Thanks in advance for your help.

Community Alums · ‎11-27-2023

Hi @Astik Thombare ,

Not all admin users have the ability to elevate privileges. Only admin users with the security_admin role can elevate privileges

In the base system, only the default System Administrator (admin) user has the security_admin role. Since it requires elevating privileges, the admin user does not have this role at login. After elevating privileges, the admin user has the security_admin role for the duration of the user session. See Elevate to a privileged role for more information.

Users with the admin role can usually modify any record on any table. Unrestricted record modification could lead to inadvertent changes to records on tables protected by security. To prevent accidental modification of table security, users with the admin role are required to temporarily grant themselves an additional role, security_admin, whenever they modify a role's ability to create, read, write, or delete a table's records.

View solution in original post

Aman Kumar S · ‎11-27-2023

Hi @Astik Thombare

Not all admin users have the ability to elevate privileges. Only admin users with the security_admin role can elevate privileges. The admin user on your Personal Developer Instance (PDI) has the security_admin role.

With only security admin role, you will not be able to do it, so you will need both the roles.

For more details refer to below:

https://developer.servicenow.com/dev.do#!/learn/learning-plans/utah/citizen_developer/app_store_lear...

Best Regards
Aman Kumar

View solution in original post

Community Alums · ‎11-27-2023

Hi @Astik Thombare ,

Not all admin users have the ability to elevate privileges. Only admin users with the security_admin role can elevate privileges

In the base system, only the default System Administrator (admin) user has the security_admin role. Since it requires elevating privileges, the admin user does not have this role at login. After elevating privileges, the admin user has the security_admin role for the duration of the user session. See Elevate to a privileged role for more information.

Users with the admin role can usually modify any record on any table. Unrestricted record modification could lead to inadvertent changes to records on tables protected by security. To prevent accidental modification of table security, users with the admin role are required to temporarily grant themselves an additional role, security_admin, whenever they modify a role's ability to create, read, write, or delete a table's records.

Harsh_Deep · ‎11-27-2023

Hello @Astik Thombare

User should have security_admin role and should have to elevate role then only he can grant security_admin role.

Mark ✅ Correct if this solves your issue and also mark 👍 Helpful if you find my response worthy based on the impact.

Nivedita Patil · ‎11-27-2023

Hi @Astik Thombare ,

please refer the below link.

https://docs.servicenow.com/bundle/vancouver-platform-security/page/administer/security/concept/c_El...

Mark my answer as accepted solution and helpful if helps you.

Thanks,

Nivedita Patil.

Aman Kumar S · ‎11-27-2023

Hi @Astik Thombare

Not all admin users have the ability to elevate privileges. Only admin users with the security_admin role can elevate privileges. The admin user on your Personal Developer Instance (PDI) has the security_admin role.

With only security admin role, you will not be able to do it, so you will need both the roles.

For more details refer to below:

https://developer.servicenow.com/dev.do#!/learn/learning-plans/utah/citizen_developer/app_store_lear...

Best Regards
Aman Kumar