Issues with Role Inheritance when extending sys_user_group and sys_user_grmember
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-17-2026 06:43 PM
Hi everyone,
I am working on a requirement where I have extended sys_user_group into a custom table u_team and sys_user_grmember into u_team_member. My goal is to have roles automatically synchronized to users when they are added to u_team_member, similar to how the standard Group-Member relationship works.
I have implemented a Business Rule (I basically call the Script Include and do nothing else) and Script Include to manually manage these roles in the sys_user_has_role table. However, I am facing two major issues:
Role Deletion Conflict: If a user belongs to both a standard Group and a custom Team, and both entities provide the same Role A: When I remove the user from the Team, my script deletes Role A from the user's profile, even though they should still retain it via the standard Group membership.
Inheritance Map issues: * If I set
inherited = truein my script, I struggle to keep it synced with the platform's native logic.If I set
inherited = false, the Inheritance Map tool does not show the relationship, making it hard to audit where the role came from.
My questions are:
Is it feasible to make a custom table extended from
sys_user_grmemberbehave exactly like the out-of-the-box one regarding role inheritance?How does the Inheritance Map mechanism work under the hood? Does it only track records explicitly linked via
sys_user_grmember? Are there any official documents or deep dives into how Inheritance Map work (I'm a ServiceNow newbie.)?
