how to restrict admin to grant admin roles to user profiles.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-06-2023 03:08 AM
After UTAH upgrade, Admin was trying to add the admin role into user profile. the role has been added but it didnt show any error message like "user 'xx' without admin\security_Admin is not allowed to grant admin/security_admin containing groups".
but in san diego i am getting this info message if i try to add the admin role to user without elevate security_Admin.
pls advise the reason
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-06-2023 04:54 AM
hello,
You generally get that error when the admin role contains another role that has Elevated privilege checked, a user with the admin role must use 'Elevate Roles' to elevate to the contained role to utilize the expected admin privileges.
Check once that after upgrade does the group contain admin role and does it still have the elevate privilege checked?
Please see the below article:-
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0793530
Please mark my answer as correct based on Impact.