HR property: sn_hr_core.include_elevated_roles

Go to solution
Kohei Tominaga1
Tera Expert

‎02-13-2024 09:18 PM

Hi, HRSD experts

 

I found the property named "sn_hr_core.include_elevated_roles" in the Docs and it is saying that

Checks for logged in users that have roles with elevated privilege before granting access. Valid entries:

  • true: Check if logged in user has role with elevated privilege before granting access.
  • false: Do not check if logged in user has role with elevated privilege before granting access.

However I couldn't understand how this is working.
Could you please provide me more detail instruction about this property?

0 Helpfuls
  • 528 Views
1 ACCEPTED SOLUTION

Go to solution
michaelj_sherid
ServiceNow Employee
ServiceNow Employee
In response to Kohei Tominaga1

‎02-14-2024 05:15 PM

@Kohei Tominaga1 That was a specific customer requirement where they required an elevated role to access the HR Profile under certain conditions. Again, this was not OOtB, but a good use case. Leveraging the elevated role was used when the user was on the network, but when the user was not on the company's network, they were not able to see certain data in the HR Profile. The elevated permission was an easier way to address this use case (prior to the release of Adaptive Authentication).

 

Regards,

Mike 

View solution in original post

0 Helpfuls
3 REPLIES 3

Go to solution
michaelj_sherid
ServiceNow Employee
ServiceNow Employee

‎02-14-2024 05:53 AM

@Kohei Tominaga1 The use case is if a customer wanted to have users elevate roles before accessing HR Profile records. This can impact other areas of the platform so this is why it was introduced as a system property for customers who have use cases to elevate access (in HRSD).

 

If my answer has helped with your question, please mark my answer as an accepted solution and give a thumbs up.

Regards,

Mike

0 Helpfuls

Go to solution
Kohei Tominaga1
Tera Expert
In response to michaelj_sherid

‎02-14-2024 04:07 PM

@michaelj_sherid Thank you for your response. Could you please tell me more details the case when users access HR profile using elevate role? In my understanding, users with HR roles can access HR profile and any other users without HR roles cannot access HR profile. So, for example, when admin users elevate roles such as security admin, they cannot access HR profile. Is there any OOTB elevate role which grant access to HR profile?

0 Helpfuls

Go to solution
michaelj_sherid
ServiceNow Employee
ServiceNow Employee
In response to Kohei Tominaga1

‎02-14-2024 05:15 PM

@Kohei Tominaga1 That was a specific customer requirement where they required an elevated role to access the HR Profile under certain conditions. Again, this was not OOtB, but a good use case. Leveraging the elevated role was used when the user was on the network, but when the user was not on the company's network, they were not able to see certain data in the HR Profile. The elevated permission was an easier way to address this use case (prior to the release of Adaptive Authentication).

 

Regards,

Mike 

0 Helpfuls