Why doesn't an admin user inherit the admin role from the assigned group

Go to solution
Edward Rosario
Mega Sage
Mega Sage

‎07-28-2023 12:32 PM - edited ‎07-28-2023 12:33 PM

Hello All,

I have a group called "ServiceNow Support" that contains the admin, security_admin and itil roles assigned to it. when I add users to it, including myself we're not inheriting the roles, I have to add directly to the user record. I'm currently on the Utah version but I think it's been happening before that.

0 Helpfuls
  • 1,213 Views
1 ACCEPTED SOLUTION

Go to solution
Bert_c1
Kilo Patron

‎07-29-2023 07:30 AM - edited ‎07-29-2023 10:10 AM

Hi,

 

I don't see bug here. But check if the "Contextual Security: Role Management" and "Contextual Security: Role Management V2" plugins are activated.  And see LearnUseThrive's comment on the security_admin role needing to be assigned by an admin user with that role.

 

If the two plugins are activated (These are present OOB on new instances since some time ago) then a 'fix script' is needed to check integrity of sys_user_has_role. And only Servicenow Support can run that to repair the table. They can also run a 'check' first to get what needs changing, so the customer can review proposed changes before any are made by the fix script. I have seen this fix many role inheritance problems over time.

 

check for the system property name 'glide.role_management.use.inh_count' should be present and set to 'true'.

View solution in original post

7 REPLIES 7

Go to solution
Dr Atul G- LNG
Tera Patron
Tera Patron

‎07-29-2023 12:13 AM

Hi @Edward Rosario 

 

Seems it is bug and request you please raise a case for support.

 

Please mark this response as correct or helpful or the solution accepted if it assisted you with your question.

Regards
Atul G.
Learn N Grow With Atul G

*************************************************************************************************************
If my response proves useful, please indicate its helpfulness by selecting " Accept as Solution" and " Helpful." This action benefits both the community and me.

Regards
Dr. Atul G. - Learn N Grow Together
ServiceNow Techno - Functional Trainer
LinkedIn: https://www.linkedin.com/in/dratulgrover
YouTube: https://www.youtube.com/@LearnNGrowTogetherwithAtulG
Topmate: https://topmate.io/atul_grover_lng [ Connect for 1-1 Session]

****************************************************************************************************************
0 Helpfuls

Go to solution
Bert_c1
Kilo Patron

‎07-29-2023 07:30 AM - edited ‎07-29-2023 10:10 AM

Hi,

 

I don't see bug here. But check if the "Contextual Security: Role Management" and "Contextual Security: Role Management V2" plugins are activated.  And see LearnUseThrive's comment on the security_admin role needing to be assigned by an admin user with that role.

 

If the two plugins are activated (These are present OOB on new instances since some time ago) then a 'fix script' is needed to check integrity of sys_user_has_role. And only Servicenow Support can run that to repair the table. They can also run a 'check' first to get what needs changing, so the customer can review proposed changes before any are made by the fix script. I have seen this fix many role inheritance problems over time.

 

check for the system property name 'glide.role_management.use.inh_count' should be present and set to 'true'.