Join the #BuildWithBuildAgent Challenge! Get recognized, earn exclusive swag, and inspire the ServiceNow Community with what you can build using Build Agent.  Join the Challenge.

Zurich Release - Is Conditional Script Writer Group needed for admins? or can we disable it for all?

RC19
Tera Contributor

2 hours ago - last edited 2 hours ago

Hello All,

 

Have anyone completed their Zurich upgrade? we see new group "Conditional Script Writer" and it's role getting auto assigned to all existing users and new users created. I have already made "glide.security.scripting_role.auto_provisioning" property to false .

 

Below statement from support doc says that even admins cannot edit scripts if this role is not given to them but when i have tested that currently admins are able to edit scripts even without this role/group

 

RC19_0-1763381541214.png

How have you completed Zurich upgrade in your instance? please suggest on how you handled this new role/group feature in your instance and what is the best way... Why should admins need such role and why non admins should even edit scripts ?

0 Helpfuls
  • 110 Views
3 REPLIES 3

Ankur Bawiskar
Tera Patron
Tera Patron

2 hours ago

@RC19 

My thoughts

-> This feature prevents unauthorized or accidental script changes, improving platform security and compliance. Non-admins should not edit scripts unless explicitly required for development.

-> allow- only users, who is knowledgeable enough, to have access to modify scripts

check this

Scripting Governance Tool 

💡 If my response helped, please mark it as correct and close the thread 🔒— this helps future readers find the solution faster! 🙏

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader

RC19
Tera Contributor
In response to Ankur Bawiskar

2 hours ago

Hi Ankur,

 

Thanks for that document. it was helpful. However, I observed one more thing that if any user is not given this role, then they won't be able to edit any html fields as well(which we mainly see in Problem form). So indirectly this role needs to be given to all users. Else maybe we need to edit the OOB acts. Any views on this ?

0 Helpfuls

Ankur Bawiskar
Tera Patron
Tera Patron
In response to RC19

an hour ago

@RC19 

I don't have any Zurich instance so can't check.

But if you are pointing this out, then mostly it means it's not working as expected as per OOTB feature.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader
0 Helpfuls