User roles and user criteria permissions for mobile apps
Summarize
Summary of User roles and user criteria permissions for mobile apps
User roles and user criteria permissions are key access control mechanisms in the ServiceNow mobile platform that help you manage visibility and access to app features and components. These controls enable you to customize the mobile app experience by showing or hiding specific elements based on the user's role or group membership. This segmentation enhances security and relevance for end users.
Show less
User roles permissions
User roles define access to mobile app features for targeted audiences. Assigning a role to a user or group grants them the associated permissions. Roles can inherit permissions from other roles to simplify management, such as adding sales manager roles to an employee after a promotion. Roles are stored in the Roles [sysuserrole] table. User roles typically govern access to screens and functions within the mobile app.
User criteria permissions
User criteria permissions allow access control based on user attributes like department, location, or company affiliation. These criteria define conditions evaluated against user records, controlling component visibility for users who meet those conditions. This mechanism simplifies updates across user groups, such as adjusting content access when a company relocates. User criteria are stored in the User Criteria [usercriteria] table. User criteria commonly control navigation tabs and icon section destinations.
General guidelines for implementation
- Careful planning is necessary to assign components to the correct access control type, as some components support either user roles or user criteria, while others are restricted to one.
- In Mobile App Builder, you cannot assign both user roles and user criteria to a single component; however, in the web-based UI, both can be defined with the active mechanism determined by the Access Control Mechanism field.
- Both user roles and user criteria permissions are supported for offline use in mobile apps.
Practical application
- Use user roles to manage access to app features based on job function or responsibilities.
- Use user criteria to segment users by organizational attributes, enabling bulk updates to content visibility.
- Refer to the predefined lists of mobile components compatible with user roles or user criteria to correctly assign permissions.
By leveraging user roles and user criteria permissions effectively, ServiceNow customers can ensure that mobile app users see only the relevant content and features, improving user experience and maintaining security compliance.
User roles and user criteria permissions are access control mechanisms that enable you to define roles or segment users into groups within the mobile platform. With these permissions, you can show or hide different components of your mobile app to either individuals or groups.
User roles permissions
User roles control access to features and components within mobile apps for defined target audiences. The admin role provides access to all features and capabilities.
After access has been granted to a role, all the groups or users assigned to the role are granted the access. Use role inheritance to group related permissions, making it easier to manage and assign roles. For example, if an employee has been promoted to a sales manager position, you can allocate additional roles to the employee to reflect their new position.
User role records are stored in the Roles [sys_user_role] table. For more information, see Managing roles.
For a list of all the components where you can define user roles and user criteria, see Mobile components where user roles and user criteria permissions apply. Some components apply to both user roles and user criteria, whereas others are mutually exclusive.
User criteria permissions
User criteria permissions are an access control mechanism that enables you to grant users access to mobile app components, based on categories such as departments, locations, or company. User criteria records define conditions that are evaluated against user records. When a user criteria is defined, records are only visible to users who pass the defined conditions.
With user criteria permissions, you can change information within a single area of a group to update all users' details associated within that group. For example, a company relocates, and the management requires that users in the new location have access to different mobile content. Admins can update the user criteria permissions, so that this new content is displayed to all users in this group.
User criteria records are stored in the User Criteria [user_criteria] table.
For a list of all the components where you can define user roles and user criteria, see Mobile components where user roles and user criteria permissions apply. Some components apply to both user roles and user criteria, whereas others are mutually exclusive.
General guidelines for user roles and user criteria in mobile apps
- When defining user roles and user criteria, careful planning is required to ensure that components are associated with the correct access control mechanism.
- Some components can be associated with either user roles and user components, whereas other components are associated with one access control mechanism. For a list of how the components are associated, see Mobile components where user roles and user criteria permissions apply. For example, you can apply user roles to screens and functions. Alternatively, you can apply navigation tabs and icon section destinations to user criteria.
- You can’t select both user roles and user criteria as access control mechanisms for a component in Mobile App Builder. However, in the web-based UI both user roles and user criteria can be defined for a component. In this situation, the operational mechanism is the value defined in the Access Control Mechanism field of the record.
- Both user roles and user criteria are supported in offline.