Fix external user role assignments
Summary of Fix External User Role Assignments
This document outlines the process for identifying and correcting internal role assignments for external users in your ServiceNow instance. External users should only be assigned external roles to prevent access issues. The guided setup in Customer Service Management allows for efficient evaluation and correction of these role assignments.
Key Features
- Guided Setup: Utilize the Customer Service Management guided setup to assess external user role assignments and make necessary corrections.
- Role Assignment Evaluation: Identify external users with internal role assignments, specifically focusing on various combinations of the snc_internal role and other roles.
- Scheduled Job: After tagging users with incorrect role assignments, run a scheduled job to rectify these assignments.
- Query-Based Lists: Optionally review and update external user roles using query-based lists for more detailed analysis.
Key Outcomes
By following the guided setup, you will ensure that external users are not assigned internal roles, thereby enhancing security and access control. Additionally, enabling the property glide.security.explicit_roles.enable_internal_user_blacklist will help prevent future incorrect role assignments, maintaining the integrity of user roles within your organization.
You may have external users (contacts or consumers) on your instance that have been assigned internal roles. If so, you can use the Customer Service Management guided setup to evaluate and correct these role assignments as needed.
Because external users with internal roles can result in access issues, it’s recommended that external users only be assigned external roles.
The guided setup evaluates external users that have any of the following role assignments:
- The snc_internal role only.
- The snc_internal role and one or more external roles.
- The snc_internal role and one or more additional internal roles.
- The snc_internal role and one or more additional internal and external roles.
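The four combinations listed above can also be checked offline against an export of user-role pairs. The following is an added example, not ServiceNow's own code: the row shape (`user`, `role`, `inherited`), every role name other than snc_internal, and the caller-supplied set of external roles are assumptions, and the sample data is constructed.

```javascript
// Added example: bucket users by the snc_internal combinations listed above.
const INTERNAL_MARKER = 'snc_internal';

// Constructed sample export of user-role pairs (assumed row shape).
const SAMPLE_ROWS = [
  { user: 'alice', role: 'snc_internal', inherited: false },
  { user: 'bob', role: 'snc_internal', inherited: false },
  { user: 'bob', role: 'ext_portal_user', inherited: false },
  { user: 'carol', role: 'int_agent', inherited: false },
  { user: 'carol', role: 'snc_internal', inherited: true },
  { user: 'dave', role: 'snc_internal', inherited: false },
  { user: 'dave', role: 'int_agent', inherited: false },
  { user: 'dave', role: 'ext_portal_user', inherited: false },
  { user: 'erin', role: 'ext_portal_user', inherited: false },
];
// Assumption: the reviewer supplies the role names that count as external.
const SAMPLE_EXTERNAL_ROLES = new Set(['ext_portal_user']);

function classifyExternalUsers(rows, externalRoles) {
  const byUser = new Map();
  for (const { user, role, inherited } of rows) {
    if (!byUser.has(user)) byUser.set(user, { roles: new Set(), direct: false });
    const entry = byUser.get(user);
    entry.roles.add(role);
    // A non-inherited snc_internal row means the role was granted directly.
    if (role === INTERNAL_MARKER && !inherited) entry.direct = true;
  }
  const findings = [];
  for (const [user, { roles, direct }] of byUser) {
    if (!roles.has(INTERNAL_MARKER)) continue; // external-only user, nothing to fix
    const others = [...roles].filter((r) => r !== INTERNAL_MARKER);
    const external = others.filter((r) => externalRoles.has(r)).sort();
    const internal = others.filter((r) => !externalRoles.has(r)).sort();
    let combination = 'snc_internal only';
    if (internal.length && external.length) combination = 'snc_internal + internal + external';
    else if (internal.length) combination = 'snc_internal + internal';
    else if (external.length) combination = 'snc_internal + external';
    // viaContainingRole: snc_internal arrives only through another role.
    findings.push({ user, combination, internal, external, viaContainingRole: !direct });
  }
  return findings;
}

console.log(classifyExternalUsers(SAMPLE_ROWS, SAMPLE_EXTERNAL_ROLES));
```

Users flagged with `viaContainingRole` correspond to the case where snc_internal is contained by another role, so removing snc_internal alone would not clear the finding.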
Using guided setup to fix external user role assignments
- Navigate to .
- On the Getting Started page of the guided setup, select Get Started.
- In the Fix External User Role Assignment category, select Get Started.
The Fix External User Role Assignment page opens with a list of tasks to evaluate groups of external users.
- To perform a task, select Configure.
This button opens the page in your instance where the configuration is completed.
Fix External User Role Assignment tasks
| Task | Description |
|---|---|
| External users with possible non-intentional internal role assignment | It's a set of contacts and consumers with the following role assignments: |
| External users with possible intentional internal role assignments | It's a set of contacts and consumers that have the following role assignments: |
| External users with intentional internal role assignments | It's a set of contacts and consumers that have the snc_internal role that is contained by another role. You must not assign internal roles to external users. Review the users in this list and fix the role assignments as needed. |
| Avoid such role assignments in future | To help prevent external users from being assigned the snc_internal role in the future, enable the following property: glide.security.explicit_roles.enable_internal_user_blacklist. Select Configure to navigate to the property and verify that the value is true. If false, set the value to true. |