Gaurav Shirsat
Mega Sage

Granular admin roles in Notify:

When you create a new role, it doesn’t automatically follow the same security restrictions as existing roles. So, if there are certain tables—like the Notify tables—that should remain restricted, you need to handle that manually.

To do this, you add the new role to the deny ACL list. This explicitly blocks users with that role from accessing those tables. Without this step, users might unintentionally get access, which could lead to security or data privacy issues.

In simple terms: creating the role is not enough—you also need to make sure it is properly restricted wherever required.

 

ACL : Only users with the Notify administrator (notify_admin) and Notify viewer (notify_view) roles are allowed to access the Notify tables. These roles are specifically designed to give the right level of access—either full control or read-only visibility.

For everyone else, access is restricted using “deny unless authenticated” ACL rules. This means that if a user is not properly authenticated or does not have the required roles (for example, a public or guest user), they will not be able to access the Notify tables at all.

In simple terms, the system follows a strict access control approach:

Only specific roles are allowed.

All other users are blocked by default.

This helps keep Notify data secure and ensures that only authorized users can view or manage it.

 

Below are some of the Tables which are Part of NotifyNotify.png

 

In the Australia release, ServiceNow introduced granular admin roles for better security and control.

One of these is notify_setup_admin, specifically for the Notify application.

Need to add this Role : Earlier, broader roles (like full admin) were often required.

Now, ServiceNow is moving toward feature-specific roles.

  • notify_setup_admin allows:
  • Configuring Notify features
  • Managing Notify properties
  • Setting up integrations (SMS, voice, etc.)

 

Contains Roles

List of roles contained within the role notify_setup_admin

  • notify_admin
  • sn_twilio_direct.admin
  • workflow_admin
  • workflow_creator
  • workflow_publisher

 

notify_view Role:

The notify_view role is designed to give users read-only access to certain Notify-related data. Specifically, users with this role can view information in the Notify Conference Calls table (notify_conference_call) and the Notify Conference Call Participants table (notify_participant). However, they cannot make any changes to this data — they can only see it.

Additionally, when both the Incident Communications Management and Notify plugins are activated, something important happens automatically. The itil role (commonly assigned to IT support users) inherits the notify_view role.

This means that users who already have the itil role will automatically gain visibility into Notify conference calls and participant details, without needing any extra role assignment. It helps ensure that IT agents involved in incident management can easily access communication details when needed, while still maintaining controlled, read-only access.

 

Thanks and Regards

Gaurav Shirsat

Version history
Last update:
an hour ago
Updated by:
Contributors