Hello, is there a role that allows a user to view the security functons and admin functions without

PatriciaG185919 · 3 weeks ago

Our instance was taken over by a company that bought us, they want to do a security audit. I want to be able to give them access to view the settings but not change anything. What role can I give him?

Its_Azar · 3 weeks ago

Hi there @PatriciaG185919

There isn’t a single out-of-the-box read-only “security admin” role in ServiceNow. Roles like security_admin or admin inherently allow changes, so they’re not suitable for audit-only access. The best practice is to create a custom audit role and grant read-only ACLs on the specific tables they need to review (security settings, users/roles, system properties, etc.). In some cases, teams temporarily assign admin with strict supervision and a short time window, but for a proper audit, a custom read-only role with targeted ACLs is the safest and most controlled approach.

☑️ If this helped, please mark it as Helpful or Accept Solution so others can find the answer too.

Kind Regards,
Azar
Serivenow Rising Star ⭐
Developer @ KPMG.

View solution in original post

Its_Azar · 3 weeks ago

Hi there @PatriciaG185919

There isn’t a single out-of-the-box read-only “security admin” role in ServiceNow. Roles like security_admin or admin inherently allow changes, so they’re not suitable for audit-only access. The best practice is to create a custom audit role and grant read-only ACLs on the specific tables they need to review (security settings, users/roles, system properties, etc.). In some cases, teams temporarily assign admin with strict supervision and a short time window, but for a proper audit, a custom read-only role with targeted ACLs is the safest and most controlled approach.

☑️ If this helped, please mark it as Helpful or Accept Solution so others can find the answer too.

Kind Regards,
Azar
Serivenow Rising Star ⭐
Developer @ KPMG.