Prevent Users with the user_admin role from deleting user records in the sys_user table

Philip Conforzi
Tera Contributor

Hello ServiceNow community,

I hope you're doing well!

Is there a way to restrict users with the user_admin role from deleting records in the sys_user table? Or is it a default ability of the role like it is for admin?

Let me know,

Thanks!

The Machine
Kilo Sage

You can create an ACL. You can also create a business rule that aborts the action if they have that role and the action is delete.

AshishKM
Kilo Patron

Hi @Philip Conforzi,

You can remove the user_admin role from the delete ACL, in case you want to limit the delete operation to the admin role only.

OOTB, admin and user_admin both have delete access on sys_user records.

-Thanks,

AshishKM

Please mark this response as correct and helpful if it helps. You can mark more than one reply as an accepted solution.

Sujit Jadhav
Tera Guru

Hello @Philip Conforzi,

In ServiceNow, the user_admin role does not inherently provide the ability to delete records in the sys_user table by default. However, users with the user_admin role have significant administrative privileges related to user management and can perform various actions on user records, including creating, updating, and deactivating users.

If you want to explicitly restrict users with the user_admin role from deleting records in the sys_user table, you can achieve this by configuring ACLs (Access Control Rules) appropriately.

Here's how you can restrict deletion of records in the sys_user table for users with the user_admin role:

  1. Create an ACL Rule:

    • Navigate to "System Security" > "Access Control" > "Roles" in ServiceNow.
    • Open the "sys_user" table.
    • Create a new ACL rule for the user_admin role.
    • Set the operation to "Delete".
  2. Define Conditions:

    • In the ACL rule, define conditions under which the rule applies. For example, you might want to apply the rule only when the user is trying to delete a user record.
  3. Specify Permissions:

    • Set the permissions for the user_admin role for the "Delete" operation to "Deny".
  4. Test the ACL Rule:

    • Test the ACL rule to ensure that users with the user_admin role are unable to delete records in the sys_user table.

By configuring ACL rules in this manner, you can enforce restrictions on specific actions, such as deletion, for users with the user_admin role, ensuring that they adhere to the desired security policies and practices. It's important to thoroughly test the ACL rules to ensure that they work as expected and do not inadvertently restrict legitimate operations.

Regards,

Sujit

Please mark my answer as Correct/Helpful, if applicable.
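To show the "before delete" business rule that The Machine suggests, and the admin-only outcome Sujit's ACL steps aim for, here is an added example written for this thread; it is not code from any of the posters or from ServiceNow. The gs and current objects are a constructed stand-in for the platform globals so the rule logic can be run offline; in an instance, only the body of beforeDeleteRule goes into a Business Rule on sys_user (When: before, Delete checked).

```javascript
// Constructed stand-in for the ServiceNow server-side globals (gs, current).
// In the instance these are supplied by the platform; here they exist only
// so the rule body can be exercised and tested outside ServiceNow.
function makeContext(roles) {
  const state = { aborted: false, messages: [] };
  const gs = {
    // Mirrors platform behaviour: gs.hasRole() is true for ANY role when the
    // user holds admin, which is why the rule must check admin separately.
    hasRole: (role) => roles.includes('admin') || roles.includes(role),
    addErrorMessage: (msg) => state.messages.push(msg),
  };
  const current = {
    setAbortAction: (flag) => { state.aborted = flag; },
  };
  return { gs, current, state };
}

// Body of a "before delete" business rule on sys_user.
// Blocks the delete for users who hold user_admin but not admin; admins are
// left unaffected, matching the "admin only" goal from the thread.
// Returns true when the delete was aborted, false otherwise.
function beforeDeleteRule(gs, current) {
  if (gs.hasRole('user_admin') && !gs.hasRole('admin')) {
    gs.addErrorMessage('Users with the user_admin role cannot delete sys_user records.');
    current.setAbortAction(true);
    return true;
  }
  return false;
}

// Helper for the offline check: does a user with these roles get blocked?
function deleteBlockedFor(roles) {
  const ctx = makeContext(roles);
  beforeDeleteRule(ctx.gs, ctx.current);
  return ctx.state.aborted;
}

// Runs the rule against a few constructed role sets when executed directly.
if (typeof require !== 'undefined' && require.main === module) {
  for (const roles of [['user_admin'], ['admin'], ['admin', 'user_admin'], ['itil']]) {
    console.log(roles.join('+'), '-> blocked:', deleteBlockedFor(roles));
  }
}
```

Treat the business rule as defence in depth alongside the ACL rather than a replacement: a script that deletes with setWorkflow(false) skips business rules, whereas the delete ACL is evaluated regardless.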