User roles and user criteria permissions for mobile apps
Summary of User roles and user criteria permissions for mobile apps
User roles and user criteria permissions are essential access control mechanisms within the ServiceNow mobile platform. They enable administrators to control visibility and access to mobile app features and components by defining roles or segmenting users into groups based on various criteria. This functionality ensures that the right users or groups see the appropriate content and capabilities in the mobile app, enhancing security and user experience.
User roles permissions
User roles determine access to features and components for specific target audiences within mobile apps. The admin role inherently has full access. When access is granted to a role, all users or groups assigned to that role inherit the same permissions. Role inheritance allows grouping related permissions for easier management, such as updating roles when an employee changes position.
User roles are maintained in the Roles [sys_user_role] table. Roles can be applied to components like screens and functions, but not all components support user roles. Proper planning is essential to assign roles correctly.
User criteria permissions
User criteria permissions control access based on attributes such as department, location, or company. These permissions define conditions that are evaluated against user records, ensuring that only users meeting specific criteria can view certain components. This mechanism allows easy updates for groups of users, for example, when organizational changes like relocations occur.
User criteria records are stored in the User Criteria [user_criteria] table. User criteria are typically applied to components like navigation tabs and icon section destinations, with some components exclusively supporting user criteria or user roles.
General guidelines
- Careful planning is necessary to assign components to either user roles or user criteria, as some components support only one mechanism while others support both.
- In Mobile App Builder, a component cannot have both user roles and user criteria assigned simultaneously. However, in the web-based UI, both can be defined, with the operational mechanism determined by the Access Control Mechanism field.
- Both user roles and user criteria permissions are supported in offline mode.
Practical implications for ServiceNow customers
- Use user roles to manage access based on job function or hierarchy, leveraging role inheritance for efficient updates.
- Use user criteria to segment users by organizational attributes, facilitating group-wide updates and targeted content delivery.
- Understand which mobile app components support user roles, user criteria, or both to implement access controls appropriately.
- Regularly review and update roles and user criteria to reflect organizational changes, ensuring secure and relevant mobile app experiences.
User roles and user criteria permissions are access control mechanisms that enable you to define roles or segment users into groups within the mobile platform. With these permissions, you can show or hide different components of your mobile app to either individuals or groups.
User roles permissions
User roles control access to features and components within mobile apps for defined target audiences. The admin role provides access to all features and capabilities.
After access has been granted to a role, all the groups or users assigned to the role are granted the access. Use role inheritance to group related permissions, making it easier to manage and assign roles. For example, if an employee has been promoted to a sales manager position, you can allocate additional roles to the employee to reflect their new position.
User role records are stored in the Roles [sys_user_role] table. For more information, see Managing roles.
For a list of all the components where you can define user roles and user criteria, see Mobile components where user roles and user criteria permissions apply. Some components apply to both user roles and user criteria, whereas others are mutually exclusive.
User criteria permissions
User criteria permissions are an access control mechanism that enables you to grant users access to mobile app components, based on categories such as departments, locations, or company. User criteria records define conditions that are evaluated against user records. When a user criteria is defined, records are only visible to users who pass the defined conditions.
With user criteria permissions, you can make a change in one place for a group and have it apply to all users associated with that group. For example, a company relocates, and management requires that users in the new location have access to different mobile content. Admins can update the user criteria permissions so that this new content is displayed to all users in this group.
User criteria records are stored in the User Criteria [user_criteria] table.
For a list of all the components where you can define user roles and user criteria, see Mobile components where user roles and user criteria permissions apply. Some components apply to both user roles and user criteria, whereas others are mutually exclusive.
General guidelines for user roles and user criteria in mobile apps
- When defining user roles and user criteria, careful planning is required to ensure that components are associated with the correct access control mechanism.
- Some components can be associated with either user roles or user criteria, whereas other components are associated with only one access control mechanism. For a list of how the components are associated, see Mobile components where user roles and user criteria permissions apply. For example, you can apply user roles to screens and functions. Alternatively, you can apply user criteria to navigation tabs and icon section destinations.
- You can’t select both user roles and user criteria as access control mechanisms for a component in Mobile App Builder. However, in the web-based UI both user roles and user criteria can be defined for a component. In this situation, the operational mechanism is the value defined in the Access Control Mechanism field of the record.
- Both user roles and user criteria are supported in offline mode.
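
The guideline above about the Access Control Mechanism field means that a component with both roles and user criteria populated enforces only one of them. The following is an added example, not ServiceNow code: a simplified standalone model of role inheritance, criteria matching, and mechanism selection, plus a review helper that lists components whose second rule set is inactive. All field names, role names, and sample records are hypothetical, and the "every listed attribute must match" criteria rule is an assumption of the model.

```javascript
// Simplified model, NOT ServiceNow code: all field and function names are hypothetical.

// Role inheritance: a role grants itself plus every role it contains, transitively.
const ROLE_CONTAINS = {                // constructed sample data
  sales_manager: ['sales_rep'],
  sales_rep: ['mobile_user'],
  mobile_user: [],
};

function effectiveRoles(assigned) {
  const seen = new Set();
  const stack = [...assigned];
  while (stack.length) {
    const role = stack.pop();
    if (seen.has(role)) continue;      // also guards against containment cycles
    seen.add(role);
    stack.push(...(ROLE_CONTAINS[role] || []));
  }
  return seen;
}

// Assumption: a user passes a criteria record when every attribute it lists matches.
function passesCriteria(user, criteria) {
  return Object.entries(criteria).every(([attr, allowed]) => allowed.includes(user[attr]));
}

// Only the mechanism named in the component's mechanism field is evaluated.
function canSee(user, component) {
  if (component.mechanism === 'roles') {
    const roles = effectiveRoles(user.roles);
    return component.roles.some((r) => roles.has(r));
  }
  if (component.mechanism === 'criteria') {
    return component.criteria.some((c) => passesCriteria(user, c));
  }
  return false;                        // unknown mechanism: deny by default
}

// Review helper: components with both rule sets populated, so one is silently inactive.
function findIgnoredRules(components) {
  return components
    .filter((c) => c.roles.length > 0 && c.criteria.length > 0)
    .map((c) => ({ name: c.name, ignored: c.mechanism === 'roles' ? 'criteria' : 'roles' }));
}

// Constructed sample: both rule sets populated, criteria is the operational one.
const screen = { name: 'Deals', mechanism: 'criteria',
  roles: ['sales_rep'], criteria: [{ location: ['Berlin'] }] };
const manager = { roles: ['sales_manager'], location: 'Paris' };
const intern = { roles: [], location: 'Berlin' };
console.log(canSee(manager, screen), canSee(intern, screen), findIgnoredRules([screen]));
```

In the sample, the role list on the component has no effect while the mechanism is set to criteria, which is the kind of mismatch a periodic access review should surface.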