Roles for scoped app

Lydon · ‎12-05-2022

Morning Fellows

I have a question, which I feel like I already know the solution but wanted to get opinions from our experts

I created an extension from the change request and created a few new groups that will be utilizing this app I only want these new groups to see and use the app.

If I add the OOB roles, e.g., u_change, u_change_write, that would mean that any existing group with these roles can see the new app correct?

In order to address this, should I create a new role for the groups that I want to see the new app, and assign this new role to that group, e.g, xyz_u_change, xyz_u_change_write

Thank you

jaheerhattiwale · ‎12-05-2022

@Lydon Creating the new roles for the new app will be good option and easy for future maintenance as well.

Please mark the answer as correct or helpful based on impact
ServiceNow Community Rising Star, Class of 2023

Kristen Ankeny · ‎12-05-2022

Yes, I would create the role(s) needed. I would keep it simple and to the point. If you don't have a lot of nuanced access to the custom configuration, you shouldn't need a lot of roles. When the scoped application was created, did you associate OOB roles to the custom app or create a role (or roles)? If you created, you should be able to use them. You just have to ensure that the ACLs are set up/updated to point to the custom role(s).

Lydon · ‎12-05-2022

I did add the OOB roles to the scoped app, which I do not want, can I remove them without causing issues?

Kristen Ankeny · ‎12-05-2022

Yes, that shouldn't be an issue. Just create the role(s) you need and update the permissions accordingly.