Overview

Creating users, groups, and roles provide a flexible and scalable way to manage access to features on the ServiceNow AI Platform. By creating user accounts, assigning users to groups, and defining roles and permissions, administrators can ensure that users have the appropriate level of access to applications and data. This enables organizations to control access to sensitive data, maintain conformance with regulatory requirements, and improve overall security. Additionally, users, groups, and roles can be easily managed and modified over time as organizational needs change.

Work flow

Subscriptions, users, groups, and roles work together to help you define who can access features on your instance.

1. Subscription Management

   Understand your subscriptions. Subscription management enables you to manage your subscriptions proactively and monitor subscription usage on your instances.

   Subscriptions may include per-user subscriptions. For more information, see Managing per-user subscriptions in Subscription Management.

2. Creating users, companies, and departments

   Create an account record for the individuals who have access to your instance. Each user account has a unique login ID, password, and set of permissions (roles) that define what they can do and access within the platform.

3. Creating groups

   Define groups that have similar roles or permissions. Groups enable you to apply permissions (roles) to multiple users at the same time. When a user is a member of a group, that user has the same permissions that have been defined for the group.

   You can view group members by navigating to All > User Administration > Groups. Select a group name and view the members in the Group Members related list.

4. Managing roles

   Roles describe the types of activities that a user can perform on the instance. Each role has a set of permissions that can govern what the users and groups can do, such as read, write, create, or delete records. Roles can be assigned to users and groups. Users can have multiple roles.

   For a complete list of the roles included with the ServiceNow AI Platform, see Base system roles.

   Role records are stored in the Roles [sys_user_role] table.

5. Monitoring instance usage

   Users with the admin or usage_admin role can view the Application usage overview and ServiceNow Store usage overview dashboards to track instance usage.

6. Monitoring user activity

   Users with the admin role can impersonate users, manage user sessions, and leverage non-interactive sessions.

User preferences

Users can configure many UI features. Some examples include the number of rows per page in a list or whether the response time displays at the bottom of a list or form. Administrators can modify or delete these preferences as needed. For more information, see User preferences.

User groups

A group is a set of users who share a common purpose. Groups may perform tasks such as approving change requests, resolving incidents, receiving email notifications, or performing work order tasks. Any business rules, assignment rules, system roles, or attributes that refer to the group apply to all group members automatically. Users with the user_admin role can create and edit groups.

When possible, simplify user administration by assigning roles to groups. Create groups that contain all the roles necessary for specific personas, and then assign users to those groups.

Group records are stored in the Groups [sys_user_group] table.

User roles

Roles control access to features and capabilities in applications and modules. The admin role provides access to all features and capabilities.

After access has been granted to a role, all the groups or users assigned to the role are granted the access. Roles can contain other roles, and any access granted to a role is granted to any role that contains it.

For a complete list of the roles included with the ServiceNow platform, see Base system roles.

Role records are stored in the Roles [sys_user_role] table.