How to get NOBODY to be able to delete records within the instance? Even administrators.

Pablo Sanz · ‎06-23-2023

I have a requirement where it mentions that no one (including administrators) should have permissions to delete records in ServiceNow.

Is there any way to achieve this goal?

Any help is appreciated, thanks.

Tony Chatfield1 · ‎06-23-2023

Hi, it would be possible to update ACL's and\or make all delete UI actions inactive, but I would not consider this best practice and may result in many operational issues IE the removal of many record relationships is a deletion of the relationship record. I would only consider this on a table by table basis, and would ensure any impact is fully evaluated before deployment to production.

Mark Roethof · ‎06-23-2023

Hi there,

Any records specifically? Asking because you defnitely NOT want this for your entire platform / every table / etc.. That's just an extreme no go.

Also you actually do want to delete records, hopefully automated. Out-of-the-box there is already a lot being maintained, automatically deleted, etc..

If this for example concerns Tasks, Incidents, etc, you could update the delete ACL, and add the "nobody" role. Works fine in general. Is it 100% solid, no... really smart administrators can get around this 🙂

Be aware, that this might work the restrict for administrators, though do test if this won't cause any issues on automated logic in your instance.

I would wonder though, what is the WHY of restricting such? Would auditing such activities be also an option?

Kind regards,
Mark

Kind regards,

Mark Roethof

Independent ServiceNow Consultant

10x ServiceNow MVP

---

~444 Articles, Blogs, Videos, Podcasts, Share projects - Experiences from the field

Pablo Sanz · ‎06-27-2023

Thank you very much for your answers, is there any risk around "Upgrades" or anything related in case a role with certain privileges is added to the Access Controls?

Also if there is any documentation in which to have more details would be awesome.