HR property: sn_hr_core.include_elevated_roles

Kohei Tominaga1
Tera Expert

Hi, HRSD experts

 

I found the property named "sn_hr_core.include_elevated_roles" in the Docs and it is saying that

Checks for logged in users that have roles with elevated privilege before granting access. Valid entries:

  • true: Check if logged in user has role with elevated privilege before granting access.
  • false: Do not check if logged in user has role with elevated privilege before granting access.

However I couldn't understand how this is working.
Could you please provide me more detail instruction about this property?

1 ACCEPTED SOLUTION

@Kohei Tominaga1 That was a specific customer requirement where they required an elevated role to access the HR Profile under certain conditions. Again, this was not OOtB, but a good use case. Leveraging the elevated role was used when the user was on the network, but when the user was not on the company's network, they were not able to see certain data in the HR Profile. The elevated permission was an easier way to address this use case (prior to the release of Adaptive Authentication).

 

Regards,

Mike 

View solution in original post

3 REPLIES 3

michaelj_sherid
ServiceNow Employee
ServiceNow Employee

@Kohei Tominaga1 The use case is if a customer wanted to have users elevate roles before accessing HR Profile records. This can impact other areas of the platform so this is why it was introduced as a system property for customers who have use cases to elevate access (in HRSD).

 

If my answer has helped with your question, please mark my answer as an accepted solution and give a thumbs up.

Regards,

Mike

@michaelj_sherid Thank you for your response. Could you please tell me more details the case when users access HR profile using elevate role? In my understanding, users with HR roles can access HR profile and any other users without HR roles cannot access HR profile. So, for example, when admin users elevate roles such as security admin, they cannot access HR profile. Is there any OOTB elevate role which grant access to HR profile?

@Kohei Tominaga1 That was a specific customer requirement where they required an elevated role to access the HR Profile under certain conditions. Again, this was not OOtB, but a good use case. Leveraging the elevated role was used when the user was on the network, but when the user was not on the company's network, they were not able to see certain data in the HR Profile. The elevated permission was an easier way to address this use case (prior to the release of Adaptive Authentication).

 

Regards,

Mike