User with Read only access

prakharmahe
Tera Contributor

Hi 

If someone has ITIL role and I add snc_read_only role with it, then the user cannnot create/update/delete any table data or is there any issue with this role?

Total role for this user - 52

itil
snc_read_only
sn_sow.it_agent_dashboard_user
dependency_views
knowledge
sn_bm_client.benchmark_data_viewer
sn_problem_write
sn_request_read
actsub_user
cmdb_ms_editor
snc_required_script_writer_permission
sn_cmdb_editor
sn_nb_action.next_best_action_user
template_editor
tracked_file_reader
interaction_agent
email_client_template_read
contact_user
sn_request_write
sn_gd_guidance.guidance_user
data_manager_user
sn_change_write
certification
cmdb_query_builder_read
sn_incident_write
sn_itsm_contact_query
cmdb_read
cmdb_ms_user
sn_comm_management.comm_plan_viewer
sn_sow.sow_home
task_editor
sn_sow.sow_list
sn_sow.sow_user
email_composer
sn_sttrm_condition_read
sn_publications_recipients_user
canvas_user
app_service_user
template_read_global
sn_cmdb_user
workspace_user
snc_platform_rest_api_access
sn_request_approver_read
view_changer
sn_problem_read
viz_creator
sn_change_read
sn_incident_read
agent_workspace_user
sn_publications_recipients_list_user
cmdb_query_builder
survey_reader
13 REPLIES 13

@prakharmahe

 

snc_read_only role is only for observing tables and examining data without being able to change it. So User with this role cant edit anything. But as far as other role access is concerned for particular user with read only role, the user can read items available for other roles.

 

Please Accept this response as Solution if it assisted you with your question & Mark this response as Helpful.

 

Kind Regards,

Ehab Pilloor

Ehab Pilloor
Mega Sage

Hi @prakharmahe,

 

 

The snc_read_only role in ServiceNow is a built-in security feature that restricts users to read-only access on all accessible tables. When applied, it overrides all other assigned roles, permanently preventing the user from inserting, modifying, or deleting records.
This role is widely used to grant stakeholders—such as auditors, trainers, or executives—visibility into the platform. It ensures that users cannot accidentally alter configurations, change incident states, or execute background scripts. It is important to note the following mechanics of the role: 

 

  • UI & API Restrictions: Users cannot perform write operations through the UI, APIs, or GlideRecord transactions.
  • System Exceptions: A few select tables (like system logs and user sessions) may still be writeable by default.
  • Usage Strategy: It is typically combined with other operational roles (e.g., ITIL) to allow data viewing without enabling record updates

 

Please Accept this response as Solution if it assisted you with your question & Mark this response as Helpful.

 

Kind Regards,

Ehab Pilloor

I gave the user ITIL role and snc_read_only role in my PDI
when I try to access user session while impersonating the user it restricts me to view the table, so I guess it's not a issue

 

@prakharmahe,

 

Yes, you should be able to view tables but all fields are all read only. It is for observing data.

 

Please Accept this response as Solution if it assisted you with your question & Mark this response as Helpful.

 

Kind Regards,

Ehab Pilloor