Configure AES personas and roles

  • Release version: Zurich
  • Updated June 2, 2026
  • 4 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Configure AES personas and roles

    In App Engine Studio (AES), staff responsibilities are controlled by assigning specific roles rather than explicit personas. Administrators allocate these roles to manage permissions for configuring and using AES effectively. Understanding and assigning the correct roles ensures that team members can contribute to app development according to their skills and responsibilities.

    Show full answer Show less

    Key Roles and Their Responsibilities

    • Low-code/Citizen Developer: Tech-savvy users who can submit app ideas and build applications in AES without formal coding training. They are part of the snappengstudio.user group and focus on creating, testing, and maintaining apps.
    • App Engine Studio Admin: Manages app development processes, reviews and approves app requests, provisions user access, and oversees deployment and promotion of apps. This role is associated with multiple groups including snappengstudio.admin and appengineadmin.
    • App Template Admin and Author: Template admins control access, activation, and sharing of app templates, while authors create and edit custom templates within AES.
    • Security Admin: Responsible for creating and modifying roles and access control lists at the platform level, essential for updating roles in AES.
    • System Administrator: Holds comprehensive system access, installs and configures AES and related apps, defines environments and pipelines, manages upgrades, and collaborates on platform-wide issues and instance scans.
    • Professional ServiceNow Developer: Skilled developers who collaborate with citizen developers, build complex applications using advanced tools, ensure best practices, and assist in testing and review within AES and ServiceNow Studio.
    • Granular Admin Roles: Specialized admin roles such as AES admin, Collaboration Request Admin, and AES Table Builder Wizard Admin provide focused administrative permissions for specific AES functions, enhancing security and delegation capabilities.

    Practical Application for ServiceNow Customers

    Assigning the appropriate AES roles enables your teams to efficiently contribute to app development projects in alignment with their expertise and security requirements. Low-code developers can rapidly build and iterate on apps, admins maintain oversight and control, and professional developers ensure complex needs are met. Granular admin roles allow for secure and delegated management of AES components.

    Careful role management, especially for system and security admins, helps protect sensitive data and maintain compliance. Understanding these roles supports effective governance, streamlined app lifecycle management, and collaboration across different user types within your ServiceNow environment.

    The responsibilities of your staff are controlled by roles assigned to each member. Personas aren’t explicitly part of App Engine Studio (AES) but administrators assign roles to give team members permission to configure or use AES.

    Low-code/citizen developer
    Low-code/citizen developers are tech savvy and interested in creating apps. Though they might not have formal coding or app development training, citizen developers can submit ideas for new apps and, if approved, build them using AES.
    App Engine Studio admin
    App Engine Studio admins manage all processes related to app development in AES. They review new app ideas, manage app development and deployment, and manage collaborators, usually in the App Engine Management Center.
    App template admin
    The app template admin makes sure that the right people have access to appropriate predefined and custom templates for app development in App Engine Studio.
    App template author
    The app template author creates and edits custom app templates in App Engine Studio and can share them with other users or groups.
    Security admin
    The security admin creates and modifies roles and access control lists for apps. This role is set on the platform level, and it is required for making updates to roles in App Engine Studio.
    System administrator
    The system administrator has access to all system features, functions, and data, regardless of security constraints. Grant this privilege carefully. If you have sensitive information, such as HR records, that you must protect, create a custom admin role for that area and train a person who is authorized to see those records to act as the administrator.
    Professional ServiceNow developer
    Professional ServiceNow developers can work in App Engine Studio, usually as collaborators with citizen developers. Because of their coding knowledge and development background, though, they're more likely to build and customize apps on the ServiceNow AI Platform, using more complex building tools.
    Table 1. Personas for AES
    Persona Roles required Responsibilities
    Low-code/citizen developer App Engine Studio Users group (sn_app_eng_studio.user)
    • Submit requests for new custom applications to build in App Engine Studio.
    • Understand ServiceNow and application development best practices.
    • Build and test applications in App Engine Studio.
    • Submit App Engine Studio applications for IT review.
    • Maintain and change the application during its life cycle if determined during the intake process.

    App Engine Studio User Limited group (sn_app_eng_studio.user)
    • Collaborate with other users on applications they've been given permission to see.
    • Submit App Engine Studio applications for IT review.
    • Understand ServiceNow and application development best practices.
    Note:
    Users in the App Engine Studio User Limited group can't create new apps.
    App Engine Studio admin group
    • atf_test_designer
    • scan_admin
    • app_engine_admin
    • sn_app_eng_studio.admin
    • sn_collab_request.collab_request_admin
    • sn_table_bldr_wzd.table_bldr_wzd_admin
    • Manage App Engine Studio processes and properties.
    • Review and approve/reject submitted application requests based on intake guardrails defined by the system administrator.
    • Provision App Engine Studio user access.
    • Review submitted App Engine Studio applications.
    • Manage deployment requests.
    • Manage promotion of App Engine Studio applications across instances.
    • Execute ATF tests/suites in testing instances.
    • Ensure instance scans run with proper definitions.
    • Collaborate with the system administrator to resolve application conflicts that arise on the platform.
    App template admin app_template_admin
    • Control access to custom and predefined templates.
    • Activate and deactivate templates.
    • Share templates globally or with users and groups.
    App template author app_template_author
    • Create and edit custom templates in App Engine Studio.
    • Share custom templates with users or groups.
    Security admin security_admin
    • Create and modify roles and access control lists.
    • Required for making updates to roles in App Engine Studio.
    System administrator Admin
    • Install and configure App Engine Studio and its dependent apps.
    • Define environments.
    • Configure pipelines.
    • Provision access to the App Engine Studio administrator group.
    • Upgrade the App Engine Studio application, when applicable.
    • Define guardrails for which AES administrators can approve or reject application intake requests.
    • Collaborate with professional ServiceNow developers to create instance scan definitions for the platform.
    • Collaborate with AES administrators to resolve application conflicts that arise on the platform.
    Professional ServiceNow developer
    • atf_test_admin
    • delegated_developer
    • scan_admin
    • sn_app_eng_studio.user
    • sn_collab_request.collab_request_admin
    • Build and test applications in ServiceNow Studio and App Engine Studio
    • Collaborate with citizen developers on an as-needed basis to deliver applications in App Engine Studio, including the following tasks:
      • Ensuring application development and organizational best practices are followed by citizen developers.
      • Helping with review and testing of submitted App Engine Studio applications.
      • Building complex configurations involving UI Builder, Mobile App Builder, Workflow Studio, or other builder tools.
    • Create ATF tests/suites for applications.
    • Collaborate with a system administrator to create instance scan definitions for the platform.
    AES admin sn_app_eng_studio.admin Granular admin role that provides access to App Engine Studio and enables administrative access to AES tables. Can be combined with other granular admin roles or delegated development for additional permissions. For more information about granular admin roles, see Granular admin roles required to secure your instance.
    Collaboration request admin sn_collab_request.collaboration_request_admin Granular admin role that provides administrative access to collaboration tables.
    AES Table Builder Wizard admin sn_table_bldr_wzd.table_bldr_wzd_admin Granular admin role that provides access to manage permissions during table creation in AES.
    Important:
    Granular admin roles cannot manage tables that depend on ServiceNow AI Platform tables, such as the Experience Visibility Control table (sn_udc_experience_visibility_control) or Preferred Tables (sn_preferred_table). To manage such tables, additional granular admin roles are necessary. For more information, see Granular admin roles required to secure your instance.