When logged in as an Admin, I can't see any users listed under and unfiltered view of User Administration>Users.

ewilks
Giga Expert

However, when I impersonate a user with the same roles, I can see all of the users.   Any idea what the problem could be?

1 ACCEPTED SOLUTION

robpickering
ServiceNow Employee
ServiceNow Employee

ewilks



I'd review Chuck's suggestions.   I honestly haven't seen people have Admin groups that contained a bunch of roles other than just "admin".   You may be running into an issue whereby the roles are behaving strangely even though one of your roles is in fact "admin".



If it works correctly by only having "admin" in the group, then I'd just remove all of the other roles from your "ServiceNow Sys Admins" group, they aren't serving any purpose unless you have a bunch of custom ACLs in your environment.



In fact, it's possible that you have an ACL the prevents people with "issue_tracker" from seeing the Users table and that the ACL does NOT have "Admin Override" enabled, in which case it would block even admins...



-Rob


View solution in original post

8 REPLIES 8

Check to see if your User (sys_user) table has any view rules associated with it. The form is presented differently to each user. Also check ACLs to see if they could be an issue. Use System Diagnostics> Debug Security, then observe the allowed/denied access at the bottom of the form. Keep in mind admin doesn't always get the same permissions as users if "Admin overrides" is unchecked on those missing fields.


Thanks Chuck.


I did turn on the Debug Security.   When I clicked into users, there was no debugging written below the user list view.   When I clicked into the groups, I did get debugging.   I think I need to debug my debug (or something).


robpickering
ServiceNow Employee
ServiceNow Employee

ewilks



I'd review Chuck's suggestions.   I honestly haven't seen people have Admin groups that contained a bunch of roles other than just "admin".   You may be running into an issue whereby the roles are behaving strangely even though one of your roles is in fact "admin".



If it works correctly by only having "admin" in the group, then I'd just remove all of the other roles from your "ServiceNow Sys Admins" group, they aren't serving any purpose unless you have a bunch of custom ACLs in your environment.



In fact, it's possible that you have an ACL the prevents people with "issue_tracker" from seeing the Users table and that the ACL does NOT have "Admin Override" enabled, in which case it would block even admins...



-Rob


Thanks so much for the advice.   I looked at all of the ACLs for the sys_user table (and fields) and all of them have Admin override checked.   You must have a point with the extra roles.   I'll head to Dev, remove the roles and make sure that I don't run into any problems.


I appreciate it