ITIL View visible to User even after removing ITIL role and giving the ONLY the snc_internal role
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
8 hours ago
After implementing the Zurich Upgrade, the User Roles are behaving abruptly.
Please follow the following steps and let me know here in the comments if you are able to recreate the issue. If you would be able to recreate the issue on your environment then, it can be concluded that this is a Upgrade related issue.
1. Create a User, provide no roles; the User gets snc_internal role automatically.
2. Add ITIL Role to User and Save
3. Edit Roles again and remove ITIL Role
If your environment has the Service Portal configured, then this user should now be directed to Service Portal Home Page. Because the user now doesn't have the ITIL Role, it only has snc_internal
4. Impersonate the User, and see if you land at the Service Portal Home Page or not.
If the user still has access to ITIL Applications and Modules, then I think that this is a Zurich upgrade related issue. If NOT, then what could be the reason for this in your opinion.
(The User ONLY has the snc_internal role, confirmed using hasRoles(), still able to ITIL View)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
48m ago
snc_internal role doesn’t work like the itil role and doesn’t grant itil-level access on its own......it’s a marker role that’s automatically assigned to classify a user as internal under the explicit roles framework but doesn’t carry the permissions you’d normally get from itil........and because of that just having snc_internal will let you log in and may let you see certain things via ui navigation or minimal acl that don’t require specific roles......but it doesn’t actually grant itil application access, so if a user appears to still have itil views after you removed the itil role it’s likely due to how acl and the explicit roles plugin are configured......not because snow keeps itil access with only snc_internal....please verify their exact roles, any inherited roles, and run security > access analyzer to see what’s actually granting the access.....
If you found my response helpful, please mark it as ‘Accept as Solution’ and ‘Helpful’. This helps other community members find the right answer more easily and supports the community.
Kaushal Kumar Jha - ServiceNow Technical Consultant - Rising Star/Class of Legends 2025
