User access to playbooks in Workflow Studio

  • Release version: Yokohama
  • Updated January 30, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of User access to playbooks in Workflow Studio

    ServiceNow administrators control user access to playbooks in Workflow Studio through role assignments or delegated development permissions. Access management allows tailoring what features and content users can see and interact with, ensuring appropriate permissions are granted for creating, editing, viewing, or managing playbooks and related components.

    Show full answer Show less

    Key Features

    • Role-Based Access: Users gain access to playbooks by being assigned specific roles such as pdauthor, playbook.admin, or other defined roles, each granting varying levels of permissions related to creating, editing, viewing, or canceling playbooks and activity definitions.
    • Delegated Development Access: Administrators can assign delegated development permissions by creating applications and designating users as developers. This controls access to advanced features typically reserved for administrators, allowing more granular control over author capabilities.
    • Role-Based Content Filtering: Access to specific playbook content, like activity definitions, can be controlled based on user roles. Content definitions and filtering rules enable administrators to specify which users see particular content, enhancing security and relevance.
    • Activity Definition Access Control: Administrators can specify required roles to access or edit activity definitions. While both playbook.admin and pdcontentauthor roles can edit activity definitions, only playbook.admin can modify the required roles for accessing those definitions.

    Key Outcomes

    • Administrators can precisely manage who can create, modify, or view playbooks and their components, improving governance and security.
    • Delegated development permissions enable flexible authoring capabilities without granting full administrative rights.
    • Content filtering ensures users only access relevant playbook content, simplifying user experience and reducing unauthorized access risks.
    • Role assignments and content filtering combined allow organizations to enforce least privilege principles effectively in Workflow Studio.

    Administrators can grant users access to playbooks by assigning delegated development permissions or directly assigning a user role. Administrators can also specify which features and content a user can access based on user roles.

    Access by user role

    Administrators can grant access to playbooks in Workflow Studio by directly assigning users the pd_author user role, which includes the role to view activity definitions.

    Table 1. Roles for playbooks in Workflow Studio
    Role Description Contains Roles
    playbook.admin Enables users to:
    • Create, update, and delete trigger definitions.
    • Launch Workflow Studio to create, activate, edit, and delete playbooks.
    • Create, edit, and delete activity definitions.
    • View the Experience activity types (sys_pd_activity) and Experience activity properties (sys_pd_activity_type_prop) tables that are shared by Playbooks and Playbook Experience.
    • pd_author
    • pd_content_author
    • pd_trigger_author
    • pd_operator
    • pd_cancel
    pd_author Enables users to:
    • Launch Workflow Studio to create, activate, edit, and delete playbooks.
    • View all activity definitions.
    • View the Experience activity types (sys_pd_activity) and Experience activity properties (sys_pd_activity_type_prop) tables that are shared by Playbooks and Playbook Experience.
    • pd_shared.user
    • playbook.write
    • playbook.activity_def_read
    pd_content_author Enables users to:
    • Create, edit, and delete activity definitions.
    • Create, edit, and delete trigger definitions.
    • View the Experience activity types (sys_pd_activity) and Experience activity properties (sys_pd_activity_type_prop) tables that are shared by Playbooks and Playbook Experience.
    • pd_trigger_author
    • pd_shared.user
    • playbook.activity_def_read
    pd_trigger_author Enables users to create, update, and delete trigger definitions. none
    pd_operator Enables users to view process executions, activity executions, and execution logs only. none
    pd_shared.user Enables users to view the Experience activity types (sys_pd_activity) and Experience activity properties (sys_pd_activity_type_prop) tables that are shared by Playbooks and Playbook Experience. none
    pd_shared.admin Enables users to edit the Experience activity types (sys_pd_activity) and Experience activity properties (sys_pd_activity_type_prop) tables that are shared by Playbooks and Playbook Experience. pd_shared.user
    pd_cancel Enables users to cancel running playbooks without the playbook.admin role or write access to the parent record. For example if you want to grant an agent manager the ability to cancel playbooks, but not an agent. none
    pd_restarter Enables users to restart active playbooks. none
    playbook.write Enables users to:
    • Launch Workflow Studio to create, activate, edit, and delete playbooks.
    • View the Experience activity types (sys_pd_activity) and Experience activity properties (sys_pd_activity_type_prop) tables that are shared by Playbooks and Playbook Experience.
    		 pd_shared.user
    playbook.activity_def_read Enables users to view all activity definitions. none
    A visual representation of where roles are contained:
    • playbook.admin
      • pd_content_author
        • playbook.activity_def_read
        • pd_shared.user
        • pd_trigger_author
      • pd_operator
      • pd_cancel
      • pd_restarter
      • pd_author
        • playbook.write
          • pd_shared.user
          • sn_workflow_studio.workflow_studio_read
            Note:
            This role allows users to launch Workflow Studio, and is not managed by playbook administrators.
          • sn_diagram_builder.db_read
            Note:
            This role allows users to view playbooks in the diagram view in Workflow Studio, and is not managed by playbook administrators.
        • playbook.activity_def_read
      • pd_shared.admin
        • pd_shared.user
    • delegated_developer

    Delegated development access

    Administrators can grant users access to Workflow Studio playbooks by creating an application and assigning users as developers with the playbook delegated development permission. Delegated development allows administrators to control whether playbook authors can access features normally restricted to admin users. For more information, see Developer permissions.

    Role-based content filtering

    Specify the user roles necessary to access Workflow Studio playbook content. For example, activity definitions. Manage content filtering by creating content definitions and content filtering rules. For more information, see Content filtering for playbooks.

    Role-based activity definition access

    Manage activity definition access by specifying the Required Roles to access an activity definition. To learn more about activity definitions, see Activity definitions.


    Required roles field in an activity definition
    Note:
    Both playbook.admin and pd_content_author roles can edit activity definitions, but only the playbook.admin role can edit the Required Roles field.