Elevated role workspace_list_admin always enabled

simonthomas · ‎09-04-2024

The role workspace_list_admin is an elevated privilege which normally means it needs to be manually elevated, but it is always elevated for me. How do I turn this off and force the role to be manually elevated when required?

kkingsle · ‎04-22-2025

I ended up opening a case for this, and there is a simple solution. We've been using ServiceNow so long (Calgary) that we're missing some system properties.

I simply had to create glide.security.strict_elevate_privilege with a value of true.

I included this description:

Use the glide.security.strict_elevate_privilege property to control whether roles marked as privileged must be manually elevated for the user to be granted the role's capabilities.

Set this property to true to add an extra layer of security validation when a privileged user elevates their role.

When glide.security.strict_elevate_privilege is set to false, roles marked as privileged are automatically elevated upon an admin user new session, and do not need to be manually elevated (with the exception of security_admin).

View solution in original post

Community Alums · ‎09-04-2024

Hi @simonthomas ,

That's wierd, not all users will have this role by default.

Is this happening with all the users?

simonthomas · ‎09-04-2024

It's happening for me specifically, not all users. I have full admin permissions.

The security_admin role behaves correctly. I have to manually elevate that role.

Community Alums · ‎09-04-2024

Hi @simonthomas ,

By default, you do not have elevated privilege roles upon login. You must manually elevate to the privilege of the role. An elevated privilege role lasts only for the duration of your user session. Session timeout or logout removes the role.

Have you checked by logging out and login in back, as you should see something like below:

simonthomas · ‎09-08-2024

I know that's how it should work, but that's not how it works for me. I can log out and back in and will immediately have that role elevated, even if I un-elevate the role before I log out.