Roles require you to relogin to take effect

bill_dev · ‎09-17-2018

I have a module with a custom role, once I added the role to a user, that user must log out and log in for the role to take effect and be able to view the module, This might not be a serious problem but the issue arises when I take out the role, the user still can see the module unless a relogin is done.

How can we make servicenow apply the new added/removed role seamlessly?

Jeff Currier · ‎09-17-2018

I think when you remove a role from a group, if you want that to take affect immediately, you would need to terminate their session. User Administration > Logged in users. Then Lock out session. Not seamless, but the only affective way I know. Now since the had the role previously, usually it isn't an emergency to remove them from the role.

As a footnote, you should generally be assigning the users to a group with the role, not the role directly. But that may have been what you meant, as the challenge you mention still exists if you are giving that role to a person via a group and them same with removing it.

-Jeff

View solution in original post

Jeff Currier · ‎09-17-2018

I think when you remove a role from a group, if you want that to take affect immediately, you would need to terminate their session. User Administration > Logged in users. Then Lock out session. Not seamless, but the only affective way I know. Now since the had the role previously, usually it isn't an emergency to remove them from the role.

As a footnote, you should generally be assigning the users to a group with the role, not the role directly. But that may have been what you meant, as the challenge you mention still exists if you are giving that role to a person via a group and them same with removing it.

-Jeff

Allen Andreas · ‎09-17-2018

Good info Jeff.

Since mostly everything with SN is "session" based, there really isn't a way for the role addition or removal to be updated seamlessly and instant on the user account. They would have to log back out and in for it to take effect. I would consider the advice by Jeff to kill their session, etc.

Please mark reply as Helpful/Correct, if applicable. Thanks!

Please consider marking my reply as Helpful and/or Accept Solution, if applicable. Thanks!

bill_dev · ‎09-17-2018

Thank you Jeff,

This is very helpful, maybe I can write a BR on the role-user, role-group association table that any update done to this table (or if the role added/removed is the role that I made), will query the logged in users, find the username/s, then automatically lock it.

And yes best practice is add roles to a group, I'm just on my personal dev. 🙂