Unable to add/remove members to a group that has security_admin role

Chitra23 · ‎03-11-2024

Hi,

We have a group called ServiceNow Admins that has "admin" and "security_admin" roles added to it. I'm a member of that group and I want to remove few members from that group. Previously we were able to add/remove members from that group. But, now that group is not editable(all the fields are read-only) and I don't see the update, save or delete button when I open the group record. Even with the elevated access, I'm unable to update the group members. This is happening only in dev instance. It's working fine in test and production instance. Any help in this regard would be highly appreciated. Thanks in advance.

Chitra23 · ‎03-12-2024

The Write ACL for the Sys_user_group table is failing. I'm able to edit other groups in DEV instance. This issue is happening only for this group which has admin and security_admin roles. The only difference I see in DEV instance when compared to other instances is that the Security Incident response plugin has been activated in DEV instance. So all the users of this group has inherited sn_si.admin role as well. I think the sn_si.admin role is messing up with the ACLs for this group. Found this article https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0778139