When logged in as an Admin, I can't see any users listed under and unfiltered view of User Administration>Users.

Go to solution
ewilks
Giga Expert

‎01-03-2017 08:27 AM

However, when I impersonate a user with the same roles, I can see all of the users.   Any idea what the problem could be?

0 Helpfuls
  • 4,368 Views
1 ACCEPTED SOLUTION

Go to solution
robpickering
ServiceNow Employee
ServiceNow Employee
In response to ewilks

‎01-04-2017 03:13 PM

ewilks



I'd review Chuck's suggestions.   I honestly haven't seen people have Admin groups that contained a bunch of roles other than just "admin".   You may be running into an issue whereby the roles are behaving strangely even though one of your roles is in fact "admin".



If it works correctly by only having "admin" in the group, then I'd just remove all of the other roles from your "ServiceNow Sys Admins" group, they aren't serving any purpose unless you have a bunch of custom ACLs in your environment.



In fact, it's possible that you have an ACL the prevents people with "issue_tracker" from seeing the Users table and that the ACL does NOT have "Admin Override" enabled, in which case it would block even admins...



-Rob


View solution in original post

0 Helpfuls
8 REPLIES 8

Go to solution
Chuck Tomasi
Tera Patron
In response to ewilks

‎01-03-2017 02:27 PM

Check to see if your User (sys_user) table has any view rules associated with it. The form is presented differently to each user. Also check ACLs to see if they could be an issue. Use System Diagnostics> Debug Security, then observe the allowed/denied access at the bottom of the form. Keep in mind admin doesn't always get the same permissions as users if "Admin overrides" is unchecked on those missing fields.


0 Helpfuls

Go to solution
ewilks
Giga Expert
In response to Chuck Tomasi

‎01-04-2017 01:34 PM

Thanks Chuck.


I did turn on the Debug Security.   When I clicked into users, there was no debugging written below the user list view.   When I clicked into the groups, I did get debugging.   I think I need to debug my debug (or something).


0 Helpfuls

Go to solution
robpickering
ServiceNow Employee
ServiceNow Employee
In response to ewilks

‎01-04-2017 03:13 PM

ewilks



I'd review Chuck's suggestions.   I honestly haven't seen people have Admin groups that contained a bunch of roles other than just "admin".   You may be running into an issue whereby the roles are behaving strangely even though one of your roles is in fact "admin".



If it works correctly by only having "admin" in the group, then I'd just remove all of the other roles from your "ServiceNow Sys Admins" group, they aren't serving any purpose unless you have a bunch of custom ACLs in your environment.



In fact, it's possible that you have an ACL the prevents people with "issue_tracker" from seeing the Users table and that the ACL does NOT have "Admin Override" enabled, in which case it would block even admins...



-Rob


0 Helpfuls

Go to solution
ewilks
Giga Expert
In response to robpickering

‎01-05-2017 08:58 AM

Thanks so much for the advice.   I looked at all of the ACLs for the sys_user table (and fields) and all of them have Admin override checked.   You must have a point with the extra roles.   I'll head to Dev, remove the roles and make sure that I don't run into any problems.


I appreciate it


0 Helpfuls