[GF#6] Read-Only Admin

Go to solution
GlideFather
Tera Patron

‎01-14-2026 03:26 PM

Not a question. 

Discover how read-only admin access in ServiceNow lets you share full platform visibility without risk.

 

GlideFather_0-1768432855880.png
GlideFather_1-1768432860640.png
GlideFather_2-1768432864683.png

GlideFather_3-1768432870212.png

 

Have you ever needed read-only admin?

_____
Answers generated by GlideFather. Check for accuracy.

  • 1,229 Views
1 ACCEPTED SOLUTION

Go to solution
GlideFather
Tera Patron
In response to EgSnow

3 hours ago

Ahoy @EgSnow, thank for taking the time to review my posts, it's really appreciated! Do you also have any actual evidence for that or is this just an assumption?

 

Because I tested it myself again to demonstrate you what I tried to explain above - you simply CANNOT get stronger permission by impersonation than what you currently have assigned, you just don't.

 

Here is what I did and I invite you to validate from your end as well, create two users:

  • "User_a": admin-read-only
    • admin + snc_read_only
  • "User_b": admin-standard
    • admin only

GlideFather_0-1779483195054.png

 

Then I logged as User_a (admin-read-only) and impersonated the User_b (full admin) and checked random records as seen below.

 

A business rule:

Screenshot 2026-05-22 at 21.45.20.png

 

A user profile:

GlideFather_1-1779483327270.png

 

A location record:

GlideFather_2-1779483330811.png

 

Also tried to access background script:

GlideFather_3-1779483334111.png

 

Read-only access is still read-only and isn't overridden by impersonation and the above proves it.

 

I'm happy to discuss this further if you have something concrete to back up your claim but but it looks more like unvalidated assumptions than anything actually tested and verified from your end, what do you reckon?

_____
Answers generated by GlideFather. Check for accuracy.

View solution in original post

0 Helpfuls
5 REPLIES 5

Go to solution
GlideFather
Tera Patron
In response to EgSnow

3 hours ago

Ahoy @EgSnow, thank for taking the time to review my posts, it's really appreciated! Do you also have any actual evidence for that or is this just an assumption?

 

Because I tested it myself again to demonstrate you what I tried to explain above - you simply CANNOT get stronger permission by impersonation than what you currently have assigned, you just don't.

 

Here is what I did and I invite you to validate from your end as well, create two users:

  • "User_a": admin-read-only
    • admin + snc_read_only
  • "User_b": admin-standard
    • admin only

GlideFather_0-1779483195054.png

 

Then I logged as User_a (admin-read-only) and impersonated the User_b (full admin) and checked random records as seen below.

 

A business rule:

Screenshot 2026-05-22 at 21.45.20.png

 

A user profile:

GlideFather_1-1779483327270.png

 

A location record:

GlideFather_2-1779483330811.png

 

Also tried to access background script:

GlideFather_3-1779483334111.png

 

Read-only access is still read-only and isn't overridden by impersonation and the above proves it.

 

I'm happy to discuss this further if you have something concrete to back up your claim but but it looks more like unvalidated assumptions than anything actually tested and verified from your end, what do you reckon?

_____
Answers generated by GlideFather. Check for accuracy.

0 Helpfuls