User Role Inheritance API

  • Release version: Australia
  • Updated June 11, 2026
  • 2 minutes to read

    • The User Role Inheritance API provides endpoints that allow you to see the roles that a specific user inherited.

    This API requires the Contextual Security: Role Management V2 REST API (com.glide.role_management.inh_count.rest_api) plugin, automatically activated on new instances starting with the Jakarta release, or the Contextual Security: Role Management Enhancements REST API plugin, automatically activated starting with the Geneva release. The Contextual Security: Role Management V2 REST API is dependent on the Contextual Security: Role Management V2 (com.glide.role_management.inh_count) plugin.

    A user’s role can be directly granted, inherited from other roles, or inherited from groups. You must have the user_admin role to access this API.

    User Role Inheritance - GET /global/user_role_inheritance

    Returns a specified user's granted and inherited roles.

    URL format

    Versioned URL: /api/global/{api_version}/user_role_inheritance

    Default URL: /api/global/user_role_inheritance

    Note:
    Available versions are specified in the REST API Explorer. For scripted REST APIs there is additional version information on the Scripted REST Service form.

    Supported request parameters

    Table 1. Path parameters
    Name Description
    api_version Optional. Version of the endpoint to access. For example, v1 or v2. Only specify this value to use an endpoint version other than the latest.

    Data type: String
    Table 2. Query parameters
    Name Description
    user_sysid Required. Sys_id of the user for which to return role information.
    Table 3. Request body parameters (XML or JSON)
    Name Description
    None

    Headers

    The following request and response headers apply to this HTTP action only, or apply to this action in a distinct way. For a list of general headers used in the REST API, see Supported REST API headers.

    Table 4. Request headers
    Header Description
    Accept Data format of the response body. Supported types: application/json or application/xml.

    Default: application/json
    Table 5. Response headers
    Header Description
    None

    Status codes

    The following status codes apply to this HTTP action. For a list of possible status codes used in the REST API, see REST API HTTP response codes.

    Table 6. Status codes
    Status code Description
    200 Successful. The request was successfully processed.
    400 Bad Request. A bad request type or malformed request was detected.
    401 Unauthorized. The user credentials are incorrect or have not been passed.
    404 Not found. The requested item wasn't found.
    500 Internal server error. An unexpected error occurred while processing the request. The response contains additional information about the error.

    Response body parameters (JSON or XML)

    Name Description
    from_group List of roles that are inherited from groups that have roles.

    Data type: Array
    from_role List of roles that are either granted directly or inherited from other roles.

    Data type: Array
    user_name Full name of user.

    Data type: String

    Sample cURL request

    curl "https://instance.service-now.com/api/global/user_role_inheritance?user_sysid=62826bf03710200044e0bfc8bcbe5df1" \
--request GET \
--header "Accept:application/json" \
--user "username":"password"

    {
  "result": {
    "user_name": "abel.tuter",
    "from_group": [
      "[Azure Operators]/sn_azure.operator",
      "[Azure Operators]/sn_azure.operator/sn_azure.user"
    ],
    "from_role": [
      "/snc_internal",
      "/cloud_user",
      "/cloud_user/pa_viewer",
      "/cloud_user/sn_azure.user",
      "/cloud_user/aws_user"
    ]
  }
}