Granular admin roles
Maintain proper access management by assigning roles that define user permissions and responsibilities. Doing so helps organizations maintain security, enforce conformance, and optimize their operations.
Roles are a fundamental part of managing access and maintaining security within your instance. They define what you can see and do, so that you have the appropriate level of access for your responsibilities. By assigning the correct roles to users, organizations can safeguard sensitive data, enforce compliance, and streamline operations.
To optimize access management within the ServiceNow AI Platform, consider adopting granular admin roles. This approach enables you to assign specific permissions to developers or users who perform minor administrative tasks, without granting them unrestricted access through the full admin role.
- Users who were previously assigned the admin role are assigned granular admin roles based on the product or module that they had access to earlier.
- Each product within the ServiceNow AI Platform has its own set of granular admin roles. To determine the appropriate roles for your administrators or developers, refer to the specific product documentation.
- Granular admin roles are separate from the existing admin role and must be assigned independently.
By adopting granular admin roles, you can create a more secure and efficient access management system that aligns with your organization's needs.
| Product | Role Name | Description |
|---|---|---|
| Access Analyzer | access_analyzer_admin | Role required to use access-analyzer application. |
| AE-StreamConnect | message_replication_admin | Role required to access all IntegrationHub stream replication features, enable setup and connection to message brokers, and configure message stream replications. |
| AE-StreamConnect | stream_connect_admin | Role required to manage Stream Connect-related settings for subscriptions, topics, and other configurations. |
| Agent Chat | awa_admin | Role required to access granular AWA capabilities. |
| Agent Chat | interaction_admin | Role required to access granular interaction configuration capabilities. |
| AI Agents | sn_aia.admin | Role required to access and update Agentic AI tables. |
| AI Search | ais_admin | Role required to manage and view AI Search and NowAssist for Search tables, properties, and configurations. |
| AI Virtual Agent | sn_nowassist_admin.nsa_admin | Role required to enable your requesters to have a streamlined, conversational experience that is based on generative AI as they submit a catalog item request in Virtual Agent. |
| App Governance | sn_aemc.aemc_admin | Role required to have feature admin access for App Engine Management Center and includes scan_user. |
| App Governance | sn_app_summary.app_summary_admin | Role required to have feature admin access for App Summary. |
| App Governance | sn_deploy_pipeline.deployment_pipeline_admin | Role required to have feature admin access for Deployment Pipeline. |
| App Governance | sn_pipeline.pipeline_admin | Role required to have feature admin access for Pipeline. |
| Audit, History and Journal | audit_admin | Provides write and delete access to sys_audit. Manual record modifications should be avoided. For bulk deletions, use system jobs rather than direct deletion. |
| Authentication | adaptive_auth_policy_admin | Role required to configure adaptive authentication policies and filters, as well as update or delete those created by the role. Additionally, policies and filters created by other users and default configurations are available in read-only mode. |
| Authentication | adpative_auth_admin | Role required to access and modify Adaptive Authentication configurations, including creating and adjusting policies, managing policy contexts, and configuring filter criteria. Additionally, users can enable or disable adaptive authentication policies as needed. The role also grants access to modify Multi-Factor Authentication (MFA) settings, enabling users to enforce MFA and adjust MFA factor policies. |
| Authentication | custom_url_admin | Role required to configure new custom URLs for the instance, as well as to delete or modify existing custom URL configurations. |
| Authentication | password_policy_admin | Role required to configure and manage the password policies in the instance. Users with this role can create, manage, and enable or disable existing and new password policies. |
| Authentication | sso_config_admin | Role required to access all configurations related to Single Sign-On authentication within the instance. Grants the capability to create and modify feature configurations for SSO SAML, OIDC, Digest, and Certificate-Based Authentication in the instance. |
| Authentication | user_authn_admin | Role required to access and modify all user login-specific configurations, such as Single Sign-On (SSO), Account Recovery, Adaptive Authentication, MFA, and Password Policy. |
| Authentication Factors | auth_factors_admin | Role required to configure authentication for voice agent environments, with the factors that first identify the caller, then authenticate them before granting access. |
| Career Conversations | [sn_egd_act.admin] | Role required to configure all Career Conversations features, including auto closure of conversations and setting up integrations with Microsoft Outlook. |
| CMDB | sn_cmdb_editor | Role required to edit CMDB as an editor user. |
| CMDB Coverage | sn_cmdb_admin | Role required to configure the application and to create, read, write, and delete records in tables. |
| Code Assist Experience | background_script_admin | Role required to manage background scripts. |
| Code Assist Experience | now_assist_code_admin | Role required to manage the Now Assist for code generation settings in system_properties. |
| Code Assist Experience | now_assist_code_rag_admin | Role required to manage the Retrieval for code generation app. |
| Collaborative Work Management | sn_cwm.cwm_admin | Role required to update Collaborative Work Management (cwm) properties and reports. |
| Contract Management Pro | sn_cm_core.contract_admin | Role required for administrative access to Contracts Core and underlying data. |
| Contract Management Pro - Contract Workspace | sn_cm_workspace.admin | Role required to change the Contract Workspace for Contract Management Pro to fit into the business or user requirements. |
| Contract Management Pro - Contracts Dashboard | sn_cm_pa.pa_admin | Role required to activate and configure the Analytics Pack for Contract Management Pro application. |
| Contract Management Pro - Now Assist in Contract Management | sn_cm_gen_ai.ai_contract_admin | Role required for administrative access to the Now Assist in Contract Management application. |
| Cloud Accelerate-Cloud Workspace | sn_itom_cam.cw_admin | Role required to provision cloud accounts, add an unmanaged cloud account and update cloud account details. |
| Cloud Accelerate-CSC | sn_cmp.cloud_service_user.root_admin | Role required to manage stacks and resource filters. |
| Cloud Accelerate-CSC | sn_cmp.cloud_admin | Role required to set up Google Cloud Platform and Microsoft Azure Cloud on Cloud Services Catalog, set up cloud accounts for VMware, specify the credentials that CSC Terraform Connector, work with stacks, view Cloud Service Requests in Cloud Admin Portal, view and utilize the Cloud Root Cause Analysis reports, debug and troubleshoot Cloud API Trail, create custom tags for cloud resources, and store the Azure service principal credentials in the instance. |
| Cloud Accelerate-CPG | sn_cmp.cmp_root_admin | Role required to create scan schedules, CI finder mapping, policies by using condition builder, flows, or script, a policy set, resource collectors and view the dashboard and audit issue reports to run remediation and scan configurations. |
| Creator Studio | sn_creatorstudio.configuration_admin | Role required to provide admin privileges for the Creator Studio. The role contains the following Creator Studio granular admin roles: |
| Creator Studio | sn_creatorstudio.task_admin | Role required to grant users access to change several fields on the Request Task table or a table that extends Request Task. This role contains the following: |
| CSM-CRM Foundation | entitlement_admin | Role required to access the entitlement table. |
| CSM-Case Management | sn_csm_case_type.config_admin | Role required to create, view, update and delete records in the Case type [sn_case_type] table. |
| CSM-Case Management | sn_customerservice.case_admin | Role required to create, view, update and delete records in the Customer Service Case [sn_customerservice_case] table. |
| CSM-Case Management | sn_case_line.admin | Role required to create, view, update and delete records in the Case Line [sn_case_line] table. |
| CSM-Case Management | sn_csm_case_digest.admin | Role required to delete records in the Case Digest [sn_csm_case_digest_task] table. Also, can create, view, update and delete records in the Case Digest Configuration [sn_csm_case_digest_config] table. |
| CSM-Case Management | sn_task_plan.admin | Role required to create, view, update and delete records in the Task Plan tables. |
| CSM-Case Management | sn_complaint.admin | Role required to create, view, update and delete records in the Complaint tables. |
| CSM-Case Management | sn_onboarding.admin | Role required to create, view, update and delete records in the Onboarding tables. |
| CSM-Case Management | sn_csm_ppm.admin | Role required to create, view, update and delete records in the Project Portfolio Management tables. |
| CSM-Case Management | sn_action_status.admin | Role required to create, view, update and delete records in the Action Status tables. |
| CSM-Case Management | sn_uib_dyn_rel_rec.admin | Role required to create, view, update and delete records in the UIB Dynamic Related Records tables. |
| CSM-Case Management | sn_cs_sm.admin | Role required to create, view, update and delete records in the Customer Service with Service Management tables. |
| CSM-CRM Foundation | sales_agreement_admin | Role required to have full access to all sales agreement tables. |
| CSM-CRM Foundation | service_contract_admin | Role required to have full access to all contract tables. |
| CSM-CRM Foundation | sn_crm_customer_access_management_admin | Role required to have admin access to customer access management configuration tables, including related party configurations, responsibility definitions, and responsibility access configurations. |
| CSM-CRM Foundation | sn_crm_escalation_admin | Role required to have admin access to all escalations and related configuration tables. |
| CSM-CRM Foundation | sn_crm_foundation_admin | Role required to have admin access to CRM configurations, including escalations, query rules, and customer access management. It also contains the sn_crm_foundation_data_manager role. |
| CSM-CRM Foundation | sn_cs_queryrules.admin | Role required to have admin access to all query rules. |
| CSM-CRM Foundation | sn_install_base.install_base_admin | Role required to have granular admin access for Install base and related features. |
| CSM-CRM Foundation | sn_l2c_core.admin | Role required to have full access to Lead to Cash Core metadata tables, modules, and application. |
| CSM-CRM Foundation | sn_prm.enterprise_partner_admin | Role required to have admin access for partner relationship management. |
| CSM-CRM Foundation | sn_crm_sequence.admin | Role required to give full access to sequence records and their related data. |
| CSM-CRM Foundation | sn_l2c_core.admin | Role required to have full access to Lead to Cash Core metadata tables, modules, and application. |
| CSM-CRM Foundation | sn_tmt_core.admin | Role required to have full access to Sales and Service Core API tables. |
| CSM-Omni | sn_openframe.admin | Role required to have granular admin access to Open frame tables and properties. |
| CSM-Self Service | actsub_admin | Role required to access Subscription and Activity Feed Framework related tables and modules. |
| CSM-Self Service | sn_communities.admin | Role required to access Communities related tables and modules. |
| CSM-Self Service | sn_csm_ec.ec_admin | Role required to have granular admin access for engagement messenger tables and Rest APIs. |
| CSM-Self Service | sn_csm_walkup.walkup_admin | Role required to access CSM Walkup Experience tables and modules. |
| CSM-Self Service | sn_embeddable_core.emb_admin | Role required to have granular admin access for web embeddables admin experience. |
| CSM-Self Service | sn_ext_usr_reg_admin | Role required to have granular admin access for External user registration. |
| CSM-Self Service | sn_gamification.admin | Role required to access Gamification related tables and modules. |
| CSM-Self Service | sn_otp_support_util_admin | Role required to have granular admin access for OTP Support Util. |
| CSM-Base Entities | csm_admin | Role required to access all CSM features and data. |
| CSM-Base Entities | sn_res_shaper.admin | Role required to perform create, update, and delete operations for the Resolution Shaper Config table (sys_resolutionshaper_config). |
| CSM-Customer Central | sn_customer_central_admin | Role required to access all Customer Central features and data. |
| Customer Success Management | sn_acct_lc.customer_success_application_admin | Role required to have granular admin access for customer success management tables and server-side access. |
| Data Streaming | hermes_admin | Role required to have access for all Hermes related configuration and maintenance. |
| Data Streaming | idr_admin | Role required to have access for all IDR related configuration and maintenance. |
| Data Streaming | data_mgmt_tools_admin | Role required to enable administrators to perform basic Data Management tasks. |
| Digital End-User Experience | sn_dex.admin | Role required to manage user access to DEX, manage the applications that are being monitored, and handle onboarding or offboarding-related tasks. Used also to troubleshoot any issues that arise within the application. |
| Document Intelligence | platform_ml_di.admin, sn_docintel.admin | Role required to have granular admin access for Document Intelligence (docintel) capabilities. |
| Document Management | document_admin | Role required to manage system properties, security ACLs, and security ACL roles. Manage PDF generation, document conversion and document viewer OOB plugins. |
| Document Management | platform_document_management_admin | Provides access to perform Create, Read, Update and Delete operations to the Documents, references, versions, lists and list entry tables. |
| Employee Center Outlook Add-in | sn_outlook_addin.outlook_addin_setup | Role required to set up and manage the Employee Center Outlook Add-in, including access to the sn_outlook_addin.portal.suffix system property, modules, UI actions, and app application files. |
| Employee Center Pro | sn_hr_sp.esc_admin | Role required to have read and write access to the feedback task table, Employee Center version 37 onwards. |
| Employee Profile | sn_employee.admin | Role required to create and manage employee profiles. |
| Encryption | security_admin | Role required to perform security operations as an admin. |
| Encryption | sn_kmf.admin | Role required to have admin and security admin access to be sn_kmf.admin. Can assign sn_kmf.cryptographic_manager or sn_kmf.cryptographic_auditor role to other users and has read, write, and execution permissions for key operations. |
| Enterprise Architecture | sn_apm.apm_admin | Role required to administer Enterprise Architecture features and configurations. |
| Event Management | evt_mgmt_admin | Role required to have full access to configure Event Management, including event rules, field mapping, alert management rules, and more. |
| External Content Connectors | sn_ext_conn.xcc_admin | Role required for management of external content connector configuration settings. Can create, read, update, and delete connectors, schedule and run connector crawls, and view crawl logs and analytics. |
| Flow Designer UI | flow_admin | Role required to have admin access for all flow designer tables. |
| Flow Engines | flow_admin | Role required to work with backend tables of flow_designer. |
| FSC-Accounts Payable Invoice Processing | sn_ap_apm.admin | Role required to have admin access for Accounts Payable Invoice Processing. |
| FSC-Accounts Payable Invoice Processing | sn_ap_apm.invoice_tolerance_admin | Role required to configure tolerances in Accounts Payable Invoice Processing. |
| FSC-Accounts Payable Invoice Processing | sn_ap_cm.admin | Role required to have admin access for Invoice case management. |
| FSC-Finance Case Management | sn_fin_ops.admin | Role required to access all the features and capabilities of Finance Case Management, including Finance Operations workspace. |
| FSC-Integrations | sn_fcms_intg.admin | Role required to have administrative access for the ERP Integration Framework, inheriting sn_fcms_intg.integration_user and granting admin-level access to manage integration configurations, data, and operations. |
| FSC - Purchase Order Management | sn_poem_core.admin | Role required to have admin access for Purchase Order Management. |
| FSC-SLO | sn_slm.admin | This role provides full administrative access to manage supplier-related processes and includes elevated permissions such as sn_slm.manager, decision_table_admin, sn_fin.supplier_payment_info_write, sn_vdr_risk_asmt.vendor_assessor, and sn_shop.shopper. Intended for users who need complete control over supplier management, vendor assessments, payment information, and related workflows across the SLM application. |
| FSC-SLO | sn_kpi.admin | Provides full administrative access to manage and configure all aspects of the KPI Framework, including creating, editing, deleting KPIs, and configuring KPI definitions. |
| FSC-SPO | sn_fin.finance_admin | Role required to generate fiscal and accounting periods. |
| FSC-SPO | sn_shop.procurement_administrator | Role required to access the primary data and administration sections of the Purchase Automation module. |
| FSC-SPO | sn_shop.shopping_hub_admin | Role required to access all modules of the Source-to-Pay Common Architecture application. |
| FSC-SPO | sn_spend_psd.psd_admin | Role required to configure and make changes to system properties, such as creating request types and categories. |
| FSC-SPO | sn_spend_sdc.admin | Role required to access Service Task and Service Request tables, which extends to Procurement Case Management, as well as other infrastructure that forms the foundation of Finance and Supply Chain Workflows products. |
| FSM-Plan Schedule | dynamic_scheduling_admin | Role required to perform administration configuration for Dynamic Scheduling Application. |
| FSM-Plan Schedule | sn_task_recommend.task_rec_admin | Role required to have granular admin access for Intelligent Task Recommendations (sn_task_recommend) plugin. |
| FSM-Plan Schedule | timecard_admin | Role required to have write access to all time cards, otherwise users only have access to their own timecards. |
| FSM-Plan Schedule | sn_task_grouping.admin | Role required to have admin access for Task Grouping Feature. |
| FSM-Plan Schedule | wm_admin | Role required to have admin access for Work Order Management users. |
| Gen AI Controller | global_genai_admin | Role required to have access to certain GenAI tables that are hosted in the global domain. |
| Grants Management | sn_gsm_grnt_mgmt.grant_admin | Role required to provide delegated admin access to the Grants Management application. |
| GRC | sn_rec_pg_vertical.admin | Role required to have admin access for Record - vertical. |
| GRC-AI Risk and Compliance Management | sn_ai_case_mgmt.ai_case_admin | Role required to have admin access for AI Case Management. |
| GRC-AI Risk and Compliance Management | sn_grc_ai_gov.ai_risk_and_compliance_admin | Role required to have admin access for AI Risk and Compliance Management. |
| GRC-AI Risk and Compliance Management | sn_privacy.admin | Role required to be responsible for configuring privacy management solution as a Privacy Admin. |
| GRC-Corp Compliance | sn_audit.admin | Role required to have admin access for Audit related plugins. |
| GRC-Corp Compliance | sn_compliance.admin | Role required to have admin access for GRC Compliance related plugins. |
| GRC-Corp Compliance | sn_grc.admin | Role required to have admin access for GRC core-related plugins. |
| GRC-Corp Compliance | sn_grc_advanced.evidence_admin | Role required to access Evidence-related objects as a feature role. |
| GRC-Corp Compliance | sn_grc_reg_change.it_admin | Role required to have IT admin access for GRC: reg change management plugin and set up integrations with third-party regulatory intelligence providers. |
| GRC-Corp Compliance | sn_grc_taxonomy.taxonomy_admin | Role required to have admin access for GRC: Taxonomy. |
| GRC-Formula builder | sn_fb_connected.admin | Role required to have admin access for formula builder application. |
| GRC-Operational resilience | sn_oper_res.admin | Role required to create and delete some operational resilience activities. |
| GRC-Operational resilience | sn_oper_res.irm_opres_admin | Role required to create and delete both operational resilience activities and IRM activities. |
| HRSD-Case and Knowledge Management | sn_hr_core.admin | Role required to have full HR administrator access — can configure all HR settings, assign roles, and access all HR data. |
| HRSD-Case and Knowledge Management | sn_hr_er.admin | Role required to have full administrator access to ER module configuration, case management, and setup. |
| HRSD-Case and Knowledge Management | sn_em.admin | Role required to access and configure all areas within Evidence Management. |
| HRSD-Case and Knowledge Management | sn_interview_temp.admin | Role required to access, read, create, and edit interview question templates, template tags, and Employee Relations properties. |
| HRSD-Case and Knowledge Management | sn_hr_ef.admin | Role required to assign EDM roles, search/read/create/update employee documents, and manage administration including retention periods, retention policies, security policies, and document types. |
| HRSD-Case and Knowledge Management | sn_sp_admin_ws.admin | Role required to access workspace and see a consolidated view of the demand and consumption of services offered to customers. |
| HRSD-Case and Knowledge Management | sn_hr_ra.admin | Role required to configure HR related Recommended Context tables to show different recommendations in HR Agent. |
| HRSD-Hiring Experiences | sn_ta_hiring_core.admin | Role required to have super admin access to the Hiring Experiences environment. |
| HRSD-Hiring Experiences | sn_ta_tp.talent_profile_admin | Role required to have admin access to set up Talent Profile. |
| HRSD-Talent Experience | sn_egd_core.admin | Role required to have admin access for talent development core. |
| HRSD-Talent Experience | sn_egd_shared_lib.admin | Role required to have admin access for the shared library across HR. |
| HRSD-Talent Experience | sn_hr_lm.admin | Role required to track HR license usage by customer as an admin. |
| HRSD-Talent Experience | sn_td_na.admin | Role required to have admin access for Now Assist for talent. |
| Health and Safety | sn_ohs_im.admin | Role required to have admin access for Health and Safety applications. |
| Identity | agent_role_config_admin | Role required to access and modify Agent role configurations (role masking). |
| Identity | mi_admin | Role required to have admin access for Machine Identity Console. This is a high-privilege role because it contains other admin roles; assign it carefully. |
| Identity | privileged_role_config_admin | Role required to configure which roles are designated as privileged in the system. |
| Identity | role_delegator_admin | Role required to have admin access for Role delegation feature. |
| Identity | scim_client_config_admin | Role required to access and modify SCIM client configurations. |
| Identity | scim_config_admin | Role required to access and modify SCIM provider-related configurations such as SCIM extension schema and SCIM system properties. |
| IH Core | connection_admin | Role required to have access to the Connections [sys_connection] and Credentials [discovery_credentials] tables. |
| IH Core | credential_admin | Role required to have access to the Credentials [discovery_credentials] table. |
| IH Core | ih_process_sync_admin | Role required to create, edit, or delete Process Sync related tables. |
| Industrial Connected Workforce | sn_icw.application_admin | Role required to have application admin access for Industrial Connected Workforce. |
| Industry Banking | sn_appss.admin | Role required to create, update, delete, and read request types, inputs, outputs, and definitions. |
| Industry Banking | sn_bom.admin | Role required to have access to all the banking data entities, plus admin privileges as the banking admin. |
| Industry Banking | sn_bom.service_definition_admin | Role required to have full access to the service definition records as the FSO service definition admin. |
| Industry Banking | sn_bom_clo_b2b.admin | Role required to have access to all Business customers' life-cycle operations data and admin privileges. |
| Industry Banking | sn_bom_clo_b2c.admin | Role required to have access to all personal customers life-cycle operations data and admin privileges related to personal customers life-cycle operations. |
| Industry Banking | sn_bom_compl.admin | Role required to have access to all complaint operations data and admin privileges as the Financial Services Complaint Admin. |
| Industry Banking | sn_bom_credit_asmt.admin | Role required to have access to all credit assessment data and admin privileges. |
| Industry Banking | sn_bom_credit_card.admin | Role required to have access to all credit card service tasks and admin privileges. |
| Industry Banking | sn_bom_deposit_b2b.admin | Role required to have access to all Business Deposit Operations data and admin privileges. |
| Industry Banking | sn_bom_deposit_b2c.admin | Role required to have access to all personal deposit operations data and admin privileges. |
| Industry Banking | sn_bom_fraud.admin | Role required to have access to all Fraud Operations data and admin privileges. |
| Industry Banking | sn_bom_kyc.admin | Role required to have access to all Business KYC operations data and admin privileges. |
| Industry Banking | sn_bom_loan.b2c_admin | Role required to have access to all loan operations data and admin privileges. |
| Industry Banking | sn_bom_loan_b2b.admin | Role required to have access to all Business loan operations data and admin privileges. |
| Industry Banking | sn_bom_pa.admin | Role required to have access to all the banking data entities as the performance analytics admin, plus admin privileges. |
| Industry Banking | sn_bom_payment.admin | Role required to have access to all payment operations data and admin privileges. |
| Industry Banking | sn_bom_po.admin | Role required to have admin privileges. |
| Industry Banking | sn_bom_remote.admin | Role required to have access to all remote data and admin privileges as the FSO Remote Tables and Lookup Admin. |
| Industry Banking | sn_bom_treasury.admin | Role required to have access to all treasury operations data and admin privileges related to treasury operations. |
| Industry Banking | sn_data_sec.admin | Role required to have access to the Tokenizer Resource Configuration table and admin privileges. |
| Industry Banking | sn_doc_processor.admin | Role required to have access to all document entities and admin privileges. |
| Industry Banking | sn_evnt_inq.admin | Role required to have admin access for Event Inquiry. |
| Industry Banking | sn_fso_intg_friss.admin | Role required to manage the flows for FRISS integration. |
| Industry Banking | sn_fso_intg_jha.admin | Role required to manage the flows for JHA integration. |
| Industry Banking | sn_ins_claim.admin | Role required to have access to all Insurance Claims Core tables and admin privileges. |
| Industry Banking | sn_ins_claim_cml.admin | Role required to have access to all Commercial claim operations data and admin privileges. |
| Industry Banking | sn_ins_claim_indl.admin | Role required to have access to all Individual Life claim operations data and admin privileges. |
| Industry Banking | sn_ins_claim_pers.admin | Role required to have access to all Personal claim operations data and admin privileges. |
| Industry Banking | sn_ins_gen_claim.admin | Role required to have access to all Insurance claims operations data and admin privileges. |
| Industry Banking | sn_ins_group_life.admin | Role required to have access to all Group Life and Disability Servicing data and admin privileges. |
| Industry Banking | sn_ins_group_uw.admin | Role required to have access to all Group Life and Disability Underwriting operations data and admin privileges. |
| Industry Banking | sn_ins_indiv_life.admin | Role required to have access to all Individual Life Servicing operations data and admin privileges. |
| Industry Banking | sn_ins_indiv_uw.admin | Role required to have access to all individual life insurance underwriting operations data and admin privileges. |
| Industry Banking | sn_ins_policy_b2b.admin | Role required to have access to all Commercial policy operations data and admin privileges. |
| Industry Banking | sn_ins_policy_b2c.admin | Role required to have admin access for Personal lines policy cases. |
| Industry Banking | sn_ins_siu.admin | Role required to have access to all SIU data and admin privileges. |
| Industry Banking | sn_ins_underwrite.admin | Role required to have access to all insurance underwriting operations data and admin privileges. |
| Industry Banking | sn_ins_uw_b2b.admin | Role required to have access to all Insurance commercial underwriting operations data and admin privileges. |
| Industry Banking | sn_jha_spoke.admin | Role required to have admin access for JHA. |
| Industry Banking | sn_payment_card.admin | Role required to create, read, write, and delete Payment Card records. |
| Industry Banking | sn_req_criteria.admin | Role required to have access to all the service request criteria data entities as the admin. |
|
Information Request Playbook |
sn_gsm_info_req.admin | Role required to provide delegated admin access to the Information Request Playbook application. |
|
IntegrationHub-Finance and Operations Spoke |
sn_ms_fin_ops_spk.admin | Role required to have admin access for the Microsoft Dynamics 365 for Finance and Operations Spoke. |
|
IntegrationHub-Finance and Operations Spoke |
sn_onedrive_spoke.Microsoft_OneDrive_Admin | Role required to have admin access for the Microsoft Dynamics 365 for Finance and Operations Spoke. |
|
IntegrationHub-Finance and Operations Spoke |
sn_uipath_spoke.uipath_admin | Role required to have admin access for UiPath spoke tables. |
|
ITAM |
asset_licensing_admin | Role required to have granular admin access for ITAM licensing capabilities. |
|
ITAM |
asset_recommendation_admin | Role required to have granular admin access for Recommendations capabilities. |
|
ITAM |
asset_system_admin | Role required to have granular admin access for Asset management capabilities. |
|
ITAM |
asset_task_admin | Role required to have access to create and delete for asset task table. |
|
ITAM |
contract_system_admin | Role required to have granular admin access for Contract capabilities. |
|
ITAM |
procurement_system_admin | Role required to have granular admin access for Procurement capabilities. |
| ITAM-CCM | sn_cld_intg_core.cloud_integrations_admin | Role required to configure Billing Download jobs and Price Sheet Download jobs. |
| ITAM-CCM | sn_cld_intg_core.read | Role required to give access to all the persons for a specific table (this is strictly for internal purpose and won’t be exposed to the customer). |
| ITAM-CCM | sn_cld_spend_core.spend_admin | Role required to have access to spend dashboards and tables. |
| ITAM-CCM | sn_clin_core.insights_admin | Role required to have complete access to whole application as a super user and access to modify scripts and flows. |
| ITAM-EAM | sn_eam.enterprise_admin | Role required to have access to entire enterprise application. |
| ITAM-EAM | asset_aia_admin | Role required to have access to ITAM agents capabilities. |
| ITAM-EAM | asset_integration_admin | Role required to have access to integration capabilities. |
| ITAM-HAM | asset_aia_admin | Role required to have access to ITAM agents capabilities. |
| ITAM-HAM | asset_integration_admin | Role required to have access to integration capabilities. |
| ITAM-HAM | sn_hamp.ham_system_admin | Role required to have granular admin access for Advanced Shipment Notification (ASN). |
| ITAM-SAM | sam_admin | Role required to have access to the entire Software Asset Management application. |
| ITAM-SAM | sam_integrator | Role required to create and manage SaaS integration profiles. |
| ITOM-Agent Framework | agent_client_collector_admin | Role required to have admin privileges for management of the agent client collector store application. |
| ITOM-CA | sn__itom_ccg.admin | Role required to have admin access for Cloud Configuration Governance set of apps. |
| ITOM-Cloud Configuration Governance | sn_cmp.cloud_root_admin | Role required to have admin access for Cloud Provisioning and Governance set of Apps. |
| ITOM-Cloud Configuration Governance | sn_itom_cam.cw_admin | Role required to have admin access for Cloud Workspace Application. |
| ITOM-Certificate Inventory and Management | sn_disco_certmgmt.pki_admin | Role required to have granular admin access for Certificate Inventory and Management. |
| ITOM-Certificate Inventory and Management | sn_disco_firewall.firewall_admin | Role required to change non-standard attributes (not present in the original firewall) for a firewall record, such as status, purpose, etc. The attributes present in the firewall are immutable. |
| ITOM-Certificate Inventory and Management | sn_itom_licensing.admin | Role required to have configuration access for ITOM/OT SU Licensing. |
| ITOM-Tag Governance | sn_itom_tag.tag_governance_admin | Role required to have granular configuration access for Tag Governance. |
| ITOM-Discovery | discovery_admin | Role required to access the "Discovery" and "Discovery Definition" applications to configure, monitor, and run Discovery operations. |
| ITOM-Leap | sn_itom_leap.leap_admin | Role required to have admin access to leap application, enabling users to activate skills and create artifacts. |
| ITSM-FE | sn_sow_admin.sn_sow_admin | Role required to oversee service operations workspace-related configurations as sn_sow_admin and help customer admin to configure product features and maintain organizational policies. |
| ITSM-Incident Management | sn_incident_admin | Role required to configure all Incident Management features including incident management properties. |
| ITSM-Major Incident Management | sn_mim_admin | Role required to configure all Major Incident Management features including major incident properties and trigger rules. |
| ITSM-Incident Communications Management | sn_iam_admin | Role required to configure all Incident Communications Management features including creating, editing, or canceling incident communication plan, communication task, and managing contact information. Additionally, this role can administrate all Incident Communications Management capabilities. |
| ITSM-Contact Management | sn_contact_admin | Role required to configure all Contact Management features including creating and editing contact definitions, contact responsibilities, configuration of MI users, recipient lists, and groups. |
| ITSM-Task Communications Management | sn_tcm_admin | Role required to configure all Task Communications Management features including communication plans and tasks. |
| ITSM-Task Outage | sn_task_outage_admin | Role required to configure all Task Outage features including the mapping between the Task [task] table and the Outage [cmdb_ci_outage] table. |
| ITSM-Change Management | sn_change_admin | Role required to configure Change Management features and system properties. |
| Journey Accelerator | [sn_ja.admin] | Role required to create and manage all Journey Accelerator components, tables, and data. |
| Journey Designer | [sn_jny.admin] | Role required to create and manage all Journey designer and Journey Accelerator configurations and features. |
| Key Management Framework | sn_kmf.admin | Role required to assign roles to other users to perform operations around the ServiceNow Key Management Framework. |
| Knowledge management | knowledge_Admin | Role required to have admin access for Knowledge management. |
| Lifecycle Events | sn_hr_le.admin | Role required to create, manage, and add users to groups within Lifecycle Events. |
| Localization Framework | localization_admin | Role that manages the Localization Framework application. This role is also used in Localization Workspace. |
| LSD - Legal Request Management | sn_lg_ops.legal_admin | Role required for administrative access to all legal apps and the underlying data. |
| LSD - Legal Request Management | sn_lg_ops.request_admin | Role required for administrative access to the Legal Request module with full access to data. |
| LSD - Legal Request Management | sn_lg_ops.legal_assignment_rules_admin | Role required for administrative access to the Assignment Rules module in legal apps. |
| LSD - Legal Request Management | sn_lg_ops.legal_catalog_admin | Role required for administrative access to the Catalog administration module in legal apps. |
| LSD - Legal Request Management | sn_lg_ops.legal_notification_admin | Role required for administrative access to the Notifications module in legal apps to configure email notifications. |
| LSD - Legal Matter Management | sn_lg_matter.matter_admin | Role required for the administrative access to legal matters and the underlying data. |
| LSD-Legal Content Review | sn_lg_cont_review.admin | Role required for administrative access to the Legal Content Review feature and its underlying data. |
| LSD-Legal Digital Forensics | sn_lg_forensics.forensics_admin | Role required for administrative access to the Legal Digital Forensics app and full access to the underlying data. |
| LSD - Legal Investigations | sn_lg_investigate.admin | Role required for administrative access to the Legal Investigations app and full access to the underlying data. |
| LSD - Legal Simple Privacy | sn_lg_simple_priva.privacy_admin | Role required for administrative access to the Legal Simple Privacy app and full access to the underlying data. |
| LSD- Gifts and Entertainment Compliance | sn_lg_gifts.gifts_admin | Role required for administrative access to the Gifts & Entertainment app and full access to the underlying data. |
| LSD - Legal Conflict of Interest | sn_lg_coi.coi_admin | Role required for administrative access to the Legal Conflict of Interest app and full access to the underlying data. |
| LSD - Legal Hold Notification | sn_Ig_hold.legal_hold_admin | Role required for administrative access to the Legal Hold Notification app and full access to the underlying data. |
| LSD - Now Assist for Legal Service Delivery | sn_lg_gen_ai.admin | Role required for administrative access to the Now Assist for Legal Service Delivery application. |
| LSD - Contract Management Pro for Legal Service Delivery | sn_lg_cnt.contract_admin | Role required for administrative access to the Contract Management Pro for Legal Service Delivery app and full access to the underlying data. |
| LSD - Advanced Work Assignment for Legal Service Delivery | sn_lg_awa.admin | Role required for administrative access to the Advanced Work Assignment for Legal Service Delivery applications. |
| LSD - Legal Counsel Center | sn_lg_cf_workspace.admin | Role required to change the Legal Counsel Center Workspace for Legal Request Management to fit into the business or user requirements. |
| LSD - External Legal Service Center | sn_lg_ext_portal.ext_admin | Role required for administrative access to the External Legal Service Centre application and full access to underlying data. |
| LSD - Legal and Contracts Common Utilities | sn_lco_cmn.admin | Role required for administrative access to Legal and Contracts Common Utilities records. |
| Mobile | mobile_admin | Role required to configure mobile applications. |
| Notification | email_admin | Role required to perform resend email and reprocess inbound email functionality. |
| Notification | email_bounce_admin | Role required to administer email bounce functionality. |
| Notification | email_digest_admin | Role required to monitor email digest. |
| Notification | notification_admin | Role required to configure notifications. |
| Notification | notification_category_admin | Role required to configure notification category. |
| Notification | notification_classification_admin | Role required to configure notification classification. |
| Notification | portal_notification_pref_admin | Role required to configure sys_recipient_user_mapping table. |
| Notification | push_admin | Role required to manage push notifications. |
| Notification | smime_certificate_admin | Role required to administer SMIME public certificate. |
| Notify | notify_setup_admin | Role required to configure Notify features and system properties. |
| Now Assist-CSM | sn_customerservice_agent | Role required to enable Now Assist for CSM Gen AI skills for customer service agents. It grants access to all Now Assist for CSM skills such as Generate Resolution Notes, Case Summarization, and Chat Summarization. |
| Now Assist- CSM | sn_customerservice.consumer_agent | Role required to enable Now Assist for CSM Gen AI skills for customer service agents. It grants access to all Now Assist for CSM skills such as Generate Resolution Notes, Case Summarization, and Chat Summarization. |
| Now Assist-TMT | sn_tmt_agentic_ai.app_admin | Role required to manage the Telecommunications Media and Technology AI agent collection. |
| On-Call Scheduling | sn_on_call_admin | Role required to configure On-Call Scheduling features and system properties. |
| Operational Technology-CMDB | cmdb_ot_admin | Role required to manage all OT CMDB tables and records as an admin. |
| Operational Technology-ISA | cmdb_ot_isa_admin | Role required to manage all ISA Equipment Model records and Equipment Model Template records as an admin. |
| Operational Technology-Industrial Process Health | ot_health_admin | Role required to have admin access to Industrial process health application and related functions. |
| Operational Technology-Subnet Mapping | sn_ot_amazing_admin | Role required to manage OT Subnet Mapping records in 'ot_subnet_mapping' table and OT Subnet Mapping properties as an admin. |
| Operational Technology-Change Management | sn_ot_change_admin | Role required to have admin access to the OT Change Management Application and related functions. |
| Operational Technology-Incident Management | sn_ot_incident_admin | Role required to have admin access to the OT Incident Management Application and related functions. |
| Operational Technology-Vulnerability Integration | sn_otvr.integration_admin | Role required to have admin access for OT Vulnerability Integration application. |
| Operational Technology-Risk Score Calculator application | sn_risk_score_calc.admin | Role required to have admin access to Risk Score Calculator application and related functions. |
| Outlook Actionable Messages integration | oam_admin | Role required to access and manage Outlook Actionable Messages configurations, including system properties and OAM definitions. |
| Password policy | password_policy_admin | Role required to configure password policy-related items. |
| Password Reset | password_reset_admin | Role required to configure Password Reset features and system properties. |
| Platform | source_control_admin | Role required to perform all source control functionality. |
| Platform | update_set_admin | Role required to create, delete, and manage Update Sets. |
| Platform | cds_client_admin | Role required to have admin access for client-side framework of Canonical Data Services (CDS). |
| Platform | cluster_node_admin | Role required to have admin access for instance node and cluster configuration (VNCC) related tables. |
| Platform | nds_admin | Role required to have admin access for Normalization Data Services. |
| Platform | normalizer | Role required to have admin access for Field Normalization feature. |
| Platform Server-Side Scripting | script_include_admin | Role required to have granular access to sys_script_include. |
| Platform Server-Side Scripting | sys_es_latest_script_admin | Role required to have granular access to sys_es_latest_script. |
| Platform Server-Side Scripting | sysevent_script_action_admin | Role required to have granular access to sysevent_script_action_admin. |
| Platform Data Fabric | df_connection_admin | Role required to establish connection to available data sources as a connection admin, and manage access to these connections for data steward users. |
| Platform Deployment Analyzer | deployment_analyzer_admin | Role required to access Deployment Analyzer tables to set up and see results for Deployment Analyzer. Doesn’t have access to create script includes. |
| Platform Dev Sandbox | sandbox_manager | Role required to manage the life-cycle of all developer sandboxes as a Sandbox Manager. |
| Platform Event Processing | events_admin | Role required to be a System Events administrator involved in the events processing feature of the system. |
| Platform ISM | response_header_admin | Role required to have read, write, create, delete, and list_edit access for records in HTTP Response Header table (sys_response_header). |
| Platform Scheduler | app_resource_quota_admin | Role required to configure and manage Application Resource Quotas plugin. |
| Platform Scheduler | business_calendar_admin | Role required to configure and manage plugins and features related to business calendars (com.glide.business_calendars, com.glide.business_calendars.scheduled_jobs). |
| Platform Scheduler | system_scheduler_admin | Role required to configure and manage scheduler-related plugins and features (com.glide.system_scheduler, com.snc.automation, com.snc.automation_time_zone, com.glide.stats.scheduler) and access Scheduled Jobs dashboard in System Events and Jobs Dashboard plugin (com.sn_async_dashboard). |
| Plato Predictive Intelligence | ml_admin | Role required to have access to create and retrain classification, similarity, and clustering models. |
| Playbook | playbook.admin | Role required to have Playbook Admin access. Contains pd_content_author, pd_operator, pd_trigger_author, pd_author, playbook.localization, and pd_cancel. |
| Process Mining | sn_process_mining_admin | Role required to have admin access only for Process Mining workspace and can do certain actions limited to process mining only. |
| Public Sector Digital Services | sn_gsm.admin | Role required to provide delegated admin access to scoped applications built on the Public Sector Digital Services platform. |
| Role delegation | role_delegator_admin | Role required for role delegation. |
| Roles | user_role_history_admin | Role required to manage and perform specific role-related operations. |
| Retail | sn_retail.ro_admin | Role required to create new retail organization and add members to the organization. |
| Search | ais_admin | Role required to administrate and configure AI Search functionality. Includes Search Applications, Search Profiles, Search Sources, Indexed Sources, and Properties necessary for administrating and configuring AI Search. |
| Search | ts_admin | Role required to administrate and configure text search on an instance, enabling adjusting of ts_weights and viewing or changing properties necessary for Text Search Administration. |
| Search UX | ais_admin | Role required to migrate admin ACLs to a more granular role for ai-search-admin, semantic_search, com.glide.search.analytics, com.glide.search.signal_data, and com.glide.signals. |
| Security Center | sn_vsc.security_center_admin | Role required to have admin access for Security center store application. |
| Service Applicant Information | sn_svc_appl_info.admin | Role required to provide delegated admin access to the Service Applicant Information application. |
| Service Applicant Program Management | sn_svc_appl_pgm_mg.admin | Role required to provide delegated admin access to the Service Applicant Program Management application. |
| Service Catalog | catalog_admin | Role required to manage the Service Catalog application, including catalogs, categories, and items, but not including scripting functions available to administrators. |
| Service Graph Connectors | admin | Role required to install and upgrade Service Graph Connectors, including API Service Graph Connectors. Admin users can create a connection, configure connection properties, monitor connections and data imports, run background scripts, and provide access to tables in the global scope. |
| Service Graph Connectors | SGC-admin (sn_cmdb_int_util.sgc_admin) | Role required to create, update, and delete connections, configure connectors using the guided setup, and read and write system properties. |
| Service Graph Connectors | CMDB installation administrator (cmdb_inst_admin) | Role required to read all Service Graph Connector application modules, read and write system properties, and read records that are owned by other applications and are related to the functionality of Service Graph Connectors. Users with this role can create, update, and delete custom tables, scheduled imports, and data sources. |
| Service Level Management | sla_admin | Role required to configure Service Level Management features and system properties. |
| ServiceNow Studio | sn_udc.admin | Role required to |
| ServiceNow Studio | sn_prfrd_tables.admin | Role required to configure preferred tables in your instance for Table Builder. |
| ServiceNow Vault | sn_vault_console.vault_console_admin | Role required to have a collection of Data Classification admin, Data Privacy admin, and CA Admin roles to execute a template flow and monitor sensitive data. To learn more, see Configuring ServiceNow Vault. |
| ServiceNow Vault | sn_vault_console.vault_console_auditor | Role required to have a collection of Data Discovery Auditor, Data Classification Auditor, Data Privacy Auditor, and Continuous Auth Auditor roles to view the policies and metrics related to ServiceNow Vault. |
| ServiceNow for Teams – Core | sn_now_teams.admin | Role required to manage ServiceNow for Teams configurations, including system properties, Virtual Agent configuration, manifest settings, UI actions, and table-level ACLs. |
| Smart Operations | sn_smartops.admin | Role required to serve as the Super Admin for Smart Operations. Has full privileges to perform all CRUD (Create, Read, Update, Delete) operations across Smart Operations tables, APIs, and data brokers. |
| Social Benefits Playbook | sn_gsm_soc_bnfts.admin | Role required to provide delegated admin access to the License and Permit Playbook application. |
| System Engineering Core | openstack_admin | Role required to have full administrative access to OpenStack compute, storage, and network. |
| System Engineering Core | vcenter_admin | Role required to have full administrative access to vCenter: VMs, clusters, storage, and hosts. |
| System Logs (Log Entry) | syslog_admin | Provides create/write access to Log Entry (syslog) records. The previous admin role ACL bindings on the syslog table are deleted and replaced with these new granular roles. |
| Talent Feedback | [sn_tf.admin] | Role required to manage and configure all Talent Feedback modules. |
| Task Mining | sn_tm_core.admin | Role required to have admin access for Process mining application. |
| Third-party risk management | sn_vdr_risk_asmt.vendor_risk_admin | Role required to have admin access for third-party risk management. |
| Transaction Part Metrics Logs | txn_part_metrics_admin | Provides create, write, and delete access to the syslog_transaction_part_metrics table. The previous admin role ACL bindings on this table are deleted and replaced with these new granular roles. New ACLs for all five operations (read, create, write, delete, report_view) are introduced, each gated by the appropriate new role. |
| TSOM Visibility | tsom_visibility_admin | Role required to manage the operational tasks for the TSOM Visibility application. |
| TSOM Assurance | tsom_assurance_admin | Role required to manage the operation tasks (includes administration) for the TSOM Assurance. |
| UI Builder | ui_builder_admin | Role required to have admin access for UI Builder. |
| Usage Analytics | usage_admin | Role required to have admin access for usage analytics. |
| Universal Request | sn_uni_req.ur_admin | Role required to set up and configure Universal Request. |
| Universal Task | sn_uni_task.admin | Role required to have full administrator access to Universal Task — configure task types, templates, and settings. |
| Universal Task | sn_uni_task.emp_form_admin | Role required to manage employee forms. |
| Usage Insights | analytics_admin | Role required to have admin access for Usage Insights. |
| User Experience-Scope | sn_cda.analytics_admin | Role required to have access to User Experience resources as Scope app admin. |