Solved: non admin users can use sn utils on servicenow - ServiceNow Community

non admin users can use sn utils on servicenow???????????

and manipulate several fields.

1,034 Views

2 ACCEPTED SOLUTIONS

Hi there,

If you have proper security in place, ACL's for example, that shouldn't be possible. If you have poor security in place, like poort client side solutions... that could be the case.

What's the reason behind your question?

Kind regards,

Mark Roethof

Independent ServiceNow Consultant

10x ServiceNow MVP

---

~444 Articles, Blogs, Videos, Podcasts, Share projects - Experiences from the field

View solution in original post

Only admins and impersonated users can edit the field on label Doubleclick.

Non-admins only can view the value.

View solution in original post

5 REPLIES 5

Hi there,

If you have proper security in place, ACL's for example, that shouldn't be possible. If you have poor security in place, like poort client side solutions... that could be the case.

What's the reason behind your question?

Kind regards,

Mark Roethof

Independent ServiceNow Consultant

10x ServiceNow MVP

---

~444 Articles, Blogs, Videos, Podcasts, Share projects - Experiences from the field

just curiosity, but your answer nailed it. Tks!!!!!!!

Only admins and impersonated users can edit the field on label Doubleclick.

Non-admins only can view the value.

That actually introduces some risks with the new time-limited-role feature probably allowing more people the impersonate role (temporarily)

It actually caught me out when I was impersonating on my normal user that was granted impersonate role and I could break the system...

I realize the gs.isImpersonating() is probably the easiest way to find out, but it is definitely not failsafe.