- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago
Hi,
I would like to make certain users in our instance able to perform the following actions:
1. Create and delete Users, Groups, and Roles.
2. Assign Roles to Users and Groups.
What I've already searched is:
1. Creating and deleting Users, Groups and Roles requires the admin role.
2. Assigning Roles requires the user_admin role.
My questions is :
1. Should I assign the user_admin role to those specific users?
2. Is there any better way to allow users to create/delete users, groups, roles without giving them the admin role?
Thank you for advice.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago
Hi @shog
As per recommendation, user_admin is the minimum role required to update a user. It’s better to use the out-of-the-box role instead of creating a new ACL
If my response proves useful, please indicate its helpfulness by selecting " Accept as Solution" and " Helpful." This action benefits both the community and me.
Regards
Dr. Atul G. - Learn N Grow Together
ServiceNow Techno - Functional Trainer
LinkedIn: https://www.linkedin.com/in/dratulgrover
YouTube: https://www.youtube.com/@LearnNGrowTogetherwithAtulG
Topmate: https://topmate.io/atul_grover_lng [ Connect for 1-1 Session]
****************************************************************************************************************
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago - last edited 3 weeks ago
Hi @shog
- admin
- Full system control (including create/delete users, groups, roles, etc.).
- Too much power for what you’re describing.
- user_admin
- Can assign roles to users and groups.
- Does not by default create or delete users, groups, or roles.
Your Requirements vs. Roles
- Create/Delete Users & Groups
- Out of the box, this requires admin.
- Create/Delete Roles
- Also requires admin (and should usually be very tightly controlled — roles define access).
- Assign Roles
- Requires user_admin (or a custom delegated ACL).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago - last edited 3 weeks ago
Hi @shog ,
Please check this - https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0723786
This may give you an idea how you can achieve it.
This is ACl solution but if you want - you can also create - Catalog item + Flow or Record producer to create User/Group and you can control it using User criteria.
If my answer helped you, please mark it- solution accepted.
Regards,
Nikhil Bajaj
Regards,
Nikhil Bajaj
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago
Hi @shog
As per recommendation, user_admin is the minimum role required to update a user. It’s better to use the out-of-the-box role instead of creating a new ACL
If my response proves useful, please indicate its helpfulness by selecting " Accept as Solution" and " Helpful." This action benefits both the community and me.
Regards
Dr. Atul G. - Learn N Grow Together
ServiceNow Techno - Functional Trainer
LinkedIn: https://www.linkedin.com/in/dratulgrover
YouTube: https://www.youtube.com/@LearnNGrowTogetherwithAtulG
Topmate: https://topmate.io/atul_grover_lng [ Connect for 1-1 Session]
****************************************************************************************************************
