Elevated role workspace_list_admin always enabled

simonthomas
Tera Expert

The role workspace_list_admin is an elevated privilege which normally means it needs to be manually elevated, but it is always elevated for me. How do I turn this off and force the role to be manually elevated when required?

1 ACCEPTED SOLUTION

I ended up opening a case for this, and there is a simple solution. We've been using ServiceNow so long (Calgary) that we're missing some system properties.

I simply had to create glide.security.strict_elevate_privilege with a value of true.

I included this description:

Use the glide.security.strict_elevate_privilege property to control whether roles marked as privileged must be manually elevated for the user to be granted the role's capabilities.
Set this property to true to add an extra layer of security validation when a privileged user elevates their role.
When glide.security.strict_elevate_privilege is set to false, roles marked as privileged are automatically elevated upon an admin user new session, and do not need to be manually elevated (with the exception of security_admin).
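
An added example (not from the original post and not ServiceNow's own code): a background-script style check that reports a missing `glide.security.strict_elevate_privilege` record separately from a `false` one, and can create or correct it. It assumes the standard server-side `GlideRecord` API and the `sys_properties` fields `name`, `value`, `type` and `description`; `ensureStrictElevate`, its `GR` and `fix` parameters, and `makeFakeGlideRecord` are hypothetical names, the last being a constructed stand-in so the logic runs outside an instance.

```javascript
// Added example, not ServiceNow's or the poster's code.
// On an instance: ensureStrictElevate(GlideRecord, true) in Scripts - Background.
var PROP = 'glide.security.strict_elevate_privilege';

function ensureStrictElevate(GR, fix) {
  var gr = new GR('sys_properties');
  gr.addQuery('name', PROP);
  gr.query();
  if (!gr.next()) {
    // No record at all: per the thread, privileged roles then auto-elevate.
    if (!fix) return 'missing';
    gr.initialize();
    gr.setValue('name', PROP);
    gr.setValue('type', 'boolean'); // assumed stored value of the true/false type
    gr.setValue('value', 'true');
    gr.setValue('description', 'Privileged roles must be manually elevated.');
    gr.insert();
    return 'created';
  }
  if (String(gr.getValue('value')) === 'true') return 'enforced';
  if (!fix) return 'disabled';
  gr.setValue('value', 'true');
  gr.update();
  return 'updated';
}

// Constructed in-memory stand-in for GlideRecord, only so this runs offline.
function makeFakeGlideRecord(rows) {
  return function FakeGlideRecord(table) {
    var want = null, hits = [], cur = null;
    this.addQuery = function (field, value) { want = [field, value]; };
    this.query = function () {
      hits = rows.filter(function (r) { return r[want[0]] === want[1]; });
    };
    this.next = function () { cur = hits.shift() || null; return cur !== null; };
    this.initialize = function () { cur = {}; };
    this.getValue = function (field) { return cur[field]; };
    this.setValue = function (field, value) { cur[field] = value; };
    this.insert = function () { rows.push(cur); };
    this.update = function () {}; // setValue already mutated the stored row
  };
}

// Constructed sample: an instance where the property was never created.
var sampleRows = [];
console.log(ensureStrictElevate(makeFakeGlideRecord(sampleRows), false));
```

Running it with `fix` set to `false` first gives a read-only audit result (`missing`, `disabled` or `enforced`) before anything is changed.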


9 REPLIES 9

kkingsle
Tera Expert

My company is seeing this issue too, but only in PROD (Washington Patch 7, non-prod are all 7a) for all sys_admins.

But our scenario is it will stay "unchecked" if you uncheck it, but it will "recheck" if you impersonate another user, then end impersonation.  We don't impersonate in PROD that often, so it was just recently noticed.

This worked for me.  Thank you for sharing!

I found that even though Security Center said this property was enabled, it wasn't even present. I deactivated and reactivated it in Security Center and now it works.

Sarah Travis
Tera Contributor

I'm having the same issue.  I'm full admin and started noticing it while testing Yokohama.  I think I first saw it after looking into ACLs regarding a workspace listed in the Workspace menu item.  I can turn it off, but if I impersonate someone and stop impersonating, it's elevated again.