how to restrict admin to grant admin roles to user profiles.

Deepa12
Tera Contributor

After UTAH upgrade, Admin was trying to add the admin role into user profile. the role has been added but it didnt show any error message like "user 'xx' without admin\security_Admin is not allowed to grant admin/security_admin containing groups".

 

but in san diego i am getting this info message if i try to add the admin role to user without elevate security_Admin.

 

Deepa12_0-1686046044068.png

 

pls advise the reason

1 REPLY 1

Saurav11
Kilo Patron
Kilo Patron

hello,

 

You generally get that error when  the admin role contains another role that has Elevated privilege checked, a user with the admin role must use 'Elevate Roles' to elevate to the contained role to utilize the expected admin privileges.

 

Check once that after upgrade does the group contain admin role and does it still have the elevate privilege checked?

 

Please see the below article:-

 

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0793530

 

Please mark my answer as correct based on Impact.