- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-09-2022 07:22 AM
My out-of-box (OOB) admin user cannot administer other OOB users if those users have access to other OOB scoped applications.
Even with security_admin elevated privilege, I get this error:
"The scope '[insert_scope-here] has scoped administration enabled and this user has protected roles but you are not an administrator of that scope"
I get the security logic behind the separation of duties, but should not the admin user have access to all other scopes? Since the admin user is currently the only user that I can use to access my new PDI, how do access these other scopes? Scoped examples include "Human Resources: Core"
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-09-2022 09:18 AM
I reloaded the plugin* demo data for one of the core app plugins. That plugin was com.sn_hr_core but it did not need to be that plugin. The picture of the admin user changed and now I can update other users.
*I be3lieve that the solution was to reload the demo data for a core scoped app. Another solution could have been that someone from ServiceNow saw this post and is updating my PDI in the background. I am periodically getting messages that I can't install plugins because another plugin (and that plugin changes) is installing.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-09-2022 08:26 AM
Hi, admin does not mandary need to have a right accessing restricted type of HR data (like queries to HR team, payroll, etc) hence it is essential that admin does not have an access by default. If access to HR sensitive information is required, HR Administrator [sn_hr_core.admin] role has to be added to user profile as well.
Hope it helps
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-09-2022 08:42 AM
The OOB admin delivered with the PDI has 280 roles, including the [sn_hr_core.admin] role which ha the Application Administrator flag checked to true.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-09-2022 09:18 AM
I reloaded the plugin* demo data for one of the core app plugins. That plugin was com.sn_hr_core but it did not need to be that plugin. The picture of the admin user changed and now I can update other users.
*I be3lieve that the solution was to reload the demo data for a core scoped app. Another solution could have been that someone from ServiceNow saw this post and is updating my PDI in the background. I am periodically getting messages that I can't install plugins because another plugin (and that plugin changes) is installing.
