Zurich Release - Is Conditional Script Writer Group needed for admins? or can we disable it for all?

RC19
Tera Expert

‎11-17-2025 04:17 AM - edited ‎11-17-2025 04:25 AM

Hello All,

 

Have anyone completed their Zurich upgrade? we see new group "Conditional Script Writer" and it's role getting auto assigned to all existing users and new users created. I have already made "glide.security.scripting_role.auto_provisioning" property to false .

 

Below statement from support doc says that even admins cannot edit scripts if this role is not given to them but when i have tested that currently admins are able to edit scripts even without this role/group

 

RC19_0-1763381541214.png

How have you completed Zurich upgrade in your instance? please suggest on how you handled this new role/group feature in your instance and what is the best way... Why should admins need such role and why non admins should even edit scripts ?

0 Helpfuls
  • 914 Views
4 REPLIES 4

Ankur Bawiskar
Tera Patron
Tera Patron

‎11-17-2025 04:24 AM

@RC19 

My thoughts

-> This feature prevents unauthorized or accidental script changes, improving platform security and compliance. Non-admins should not edit scripts unless explicitly required for development.

-> allow- only users, who is knowledgeable enough, to have access to modify scripts

check this

Scripting Governance Tool 

💡 If my response helped, please mark it as correct and close the thread 🔒— this helps future readers find the solution faster! 🙏

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader

RC19
Tera Expert
In response to Ankur Bawiskar

‎11-17-2025 04:48 AM

Hi Ankur,

 

Thanks for that document. it was helpful. However, I observed one more thing that if any user is not given this role, then they won't be able to edit any html fields as well(which we mainly see in Problem form). So indirectly this role needs to be given to all users. Else maybe we need to edit the OOB acts. Any views on this ?

0 Helpfuls

Ankur Bawiskar
Tera Patron
Tera Patron
In response to RC19

‎11-17-2025 05:02 AM

@RC19 

I don't have any Zurich instance so can't check.

But if you are pointing this out, then mostly it means it's not working as expected as per OOTB feature.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader
0 Helpfuls

Victoria Drobys
Tera Contributor

‎11-21-2025 02:37 AM

Hi @RC19 

Based on my experience with Zurich, I recommend adding this role for users who already have the following roles

1. admin - since admins usually work with all types of scripts;

2. itil -because ITIL users need access to HTML fields (as you mentioned in Problem form);

3. knowledge - because the Knowledge Article body is an HTML field

And this is a bare minimum for the ITSM. 

ServiceNow recommended to include this role to the groups (not into the roles directly)

 

It’s a weird concept, but I don’t see any better option. HTML fields are used everywhere in the instance, and even though assigning access user-by-user sounds nice in theory, it just doesn’t work in real life.

I hope my reply helps. Thank you