[GF#6] Read-Only Admin

GlideFather · ‎01-14-2026

Not a question.

Discover how read-only admin access in ServiceNow lets you share full platform visibility without risk.

Have you ever needed read-only admin?

_____
Answers generated by GlideFather. Check for accuracy.

SebinS · 2 weeks ago

Thankyou for information.

EgSnow · 2 weeks ago

This situation can only be bypassed if the user admin and read-only roles impersonate a user with admin privileges. In that case, the user admin and read-only would effectively become a full admin.

GlideFather · 2 weeks ago

Ahoy @EgSnow,

thank you for your comment, I am quite not sure I understand you but it seems that you claim that user_admin and read_only will allow you to get full admin rights by impersonation. Is that what you are saying? Because it is not correct and I validated that, see below.

In principal, you cannot impersonate for higher role than you have assigned yourself, it is a security measure.

You mentioned user_admin - I created a dummy user with that role, assigned it also itil to access backend and impersonator role to be able impersonating.

See on the left, dummy user with 3 roles (+ auto-inherited many more), then I created credentials for them to login locally for that user and tried to impersonate for an admin - not possible:

But an admin can impersonate for another admin - OK:

Is that what you meant or could you possibly elaborate a bit more on what you wanted to say?

_____
Answers generated by GlideFather. Check for accuracy.

EgSnow · an hour ago

Hello Tera Patron,

I’d like to clarify my use case once more.

User_a has both "admin" and "snc_read_only" roles, while User_b only has the "admin" role.

When User_a impersonates User_b, User_a is granted writing permissions.

I hope this explanation helps clarify the scenario. So, there is a little risk.

Kind Regards