- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-28-2024 09:03 AM
I'm running into some issues with role assignment (add and remove) via a group where the group membership exceeds thirty-thousand members.
I want to know whether you have experience or knowledge relating to this. Is there a practical size limit for groups that assign roles? Is there a best practice for keeping group membership size below a certain threshold? If you have encountered this issue, how did you divide group membership to overcome it?
Thank you.
Solved! Go to Solution.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-28-2024 02:02 PM
In this case I would assign the role directly to the user. You could do it going forward with a business rule or a flow on account insert. You could make the updates for existing users via script background. Why snc_external, are all your users external to your company?

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-28-2024 09:33 AM
No idea but I have also never head of a group with that many members. Why do you have such a large group and what role are they getting?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-28-2024 09:42 AM
Hi Brian, thank you for your reply.
Following the best practice of assigning roles through groups, I created a group that contains almost all the users in our sys_user table and assigns the snc_external role.
I'm wondering whether that was the best way to handle it. Or should I just assign that base-level role directly to users?

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-28-2024 02:02 PM
In this case I would assign the role directly to the user. You could do it going forward with a business rule or a flow on account insert. You could make the updates for existing users via script background. Why snc_external, are all your users external to your company?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-28-2024 03:09 PM
I treat most of my users as external.
I administer ServiceNow at a small community college. (I started in 2020 not knowing anything about ServiceNow. Everything I've learned has been on the job, much by trial and error). Less than two-thousand of the users in my sys_user table are employees. I give most of them the snc_internal role which I assign via a group that contains all employees. The rest of the users in my sys_user table are students - more than 33 thousand of them - prospective, current, and former students. I give them the snc_external role to severely limit their ability to do anything beyond basic use of a service portal.
I knew that creative manipulation of the URL can get a person to a list view, page, or something else that they didn't directly link to. When I was trying to decide which role would be most appropriate for students I tested URL manipulation starting at a service portal page and modifying the url to go to the sys_user table. I found that the snc_internal role allowed read access to the sys_user list view and some record values. Snc_external didn't allow that access. That is why I decided to use it for student users.
At least that was my reasoning/logic 2-3 years ago when I implemented that solution.
Thank you for all your assistance! If you have other suggestions/ideas I'm open to them.