Which is highest role after admin in servicenow

kkswamy
Tera Expert

‎01-17-2018 12:31 PM

Hi,

Can anybody let me know, what is the highest role after admin role in servicenow given by the servicenow, i should assign that particular role to our team members, but they should not have the same capability what admin has.

Any help much appreciated.

0 Helpfuls
  • 3,462 Views
7 REPLIES 7

ark6
Mega Guru

‎01-17-2018 12:35 PM

Please note that there are three types of roles in servicenow


1. Administrator(Admin, security admin etc falls under this).


2. Fulfiller(ITIL, ITIL admin etc)


3. Approver(approver_user)


So, if your team just want to work on incoming incidents/changes etc you could provide them ITIL role, however they will not be able to make any configuration changes in the system



OR, you could setup a new role and write ACLs to give the access you require to that role


0 Helpfuls

ndt13
Giga Expert

‎01-17-2018 12:37 PM

Hi Kotaiah,



This should really be dictated by the exact roles and responsibilities of those users.   What exactly will they be doing in terms of admin maintenance and support?   Is this only for a subprod instance, or are you asking about a production environment?



There is an 'itil_admin' role: Possesses more privileges than the '''itil''' role and is intended for team leads. This role has the ability to delete incidents, problems, changes, and other related entities



There is a 'user_admin' role: Can administer users, groups, locations, and companies



And there are many other similar "admin" roles that are specific to certain applications.   The manner in which you grant them will really depend on what you need your users to do.


0 Helpfuls

kkswamy
Tera Expert
In response to ndt13

‎01-17-2018 12:41 PM

They should have the ability to see all the modules and applications in servicenow like admin and they can see all the scripts,workflows and code in read only mode, should not suppose to edit or delete anything.


0 Helpfuls

ark6
Mega Guru
In response to kkswamy

‎01-17-2018 12:46 PM

OOB, there are no roles available which will provide read only access to everything. You could create a new role and provide read only access to all the tables using the role.



There wil be an ACL marked with *.* . You need to modify that and add your role to that.



Be very careful to change this as this will impact all tables in your instance


0 Helpfuls