Business rule to only allow specific users to add role admin or security_admin to users and groups

sanjana5
Tera Contributor

Create a before insert business rule that will check to see if the logged in user is attempting to insert the role of admin or security_admin into a record on the sys_user table or sys_user_group table. If so, the logged in user must be one of the following:

SONALI(S12365)
PHANI(P67543)
PRIYA(P6539)

If not, abort the action and display a message "You are not authorized to perform this action. If you need to provide admin or security admin access to a user you must submit the following request in the ServiceNow Production instance

 

1 ACCEPTED SOLUTION

Ok. So you will have to create an onInsert Before Business rule in the sys_user_has_role table. It should be pretty simple.

In the BR condition, you can specify the roles, for ex, Role = admin OR Role = security_admin && User!=SONALI && User!=Phani && User!=PRIYA

And in the 2nd Tab 'Set Values', you can select action to Abort with the abort message.


Please mark this response as correct or helpful if it assisted you with your question.
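A scripted form of the rule described in the answer above, as an added example that is not part of the original post. It compares the logged-in user (`gs.getUserName()`) against the approved list and groups the role test explicitly; it assumes the IDs in the question are `user_name` values and that the same script is also attached to `sys_group_has_role` for group grants.

```javascript
// Added example: before-insert Business Rule logic for sys_user_has_role.
// Assumption: the same script is attached to sys_group_has_role for group grants.
var PROTECTED_ROLES = ['admin', 'security_admin'];
// IDs from the question, assumed here to be sys_user.user_name values.
var APPROVED_USER_NAMES = ['S12365', 'P67543', 'P6539'];
var DENY_MESSAGE = 'You are not authorized to perform this action.';

// Pure decision: true when a protected role is granted by a non-approved actor.
function isBlockedGrant(roleName, actorUserName) {
    var role = String(roleName || '').trim().toLowerCase();
    if (PROTECTED_ROLES.indexOf(role) === -1) {
        return false; // other roles are outside this rule
    }
    // Exact match only: an empty or unknown actor fails closed.
    return APPROVED_USER_NAMES.indexOf(String(actorUserName || '')) === -1;
}

function executeRule(current, gs) {
    // current.role references sys_user_role; dot-walk to the role name.
    if (isBlockedGrant(current.role.name, gs.getUserName())) {
        gs.addErrorMessage(DENY_MESSAGE);
        current.setAbortAction(true);
        return true;
    }
    return false;
}

// On the platform, `current` and `gs` are supplied to the script field.
if (typeof current !== 'undefined' && typeof gs !== 'undefined') {
    executeRule(current, gs);
}
```

Because the check runs on the role-assignment tables, it applies to every insert path into them, not only the roles related list on the user or group form.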


7 REPLIES

SanjivMeher
Kilo Patron

Is this a question?



Hi Sanjiv, yes, it is a question to create a before insert business rule.


[Attached screenshots: sanjana5_0-1665730417353.png, sanjana5_1-1665730443487.png]

Correct me if I'm wrong. Thanks in advance.