User access to playbooks in Workflow Studio

  • Release version: Zurich
  • Updated July 31, 2025
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of User access to playbooks in Workflow Studio

    ServiceNow administrators control user access to playbooks in Workflow Studio by assigning specific user roles or delegated development permissions. This role-based access management enables fine-grained control over who can view, create, edit, activate, or cancel playbooks and their components, ensuring appropriate permissions are granted based on user responsibilities.

    Show full answer Show less

    Key Features

    • Role-based Playbook Access: Access is primarily managed through roles such as playbook.admin, pdauthor, pdcontentauthor, and others. Each role provides different levels of permissions, from full creation and editing rights to read-only views or cancellation capabilities.
    • Delegated Development Permissions: Administrators can assign delegated development access by creating applications and assigning users developer permissions with playbook delegated development rights. This enables controlled access to features normally restricted to admin users.
    • Role-based Content Filtering: Content filtering definitions and rules allow administrators to specify which playbook content, such as activity and process definitions, users can access based on their roles.
    • Activity Definition Access Controls: The Required Roles field on activity definitions restricts access to certain activities within playbooks. Users without the required roles can view playbooks in a read-only mode.

    Key Outcomes

    • Administrators can tailor access to Workflow Studio playbooks, ensuring users have the appropriate permissions to perform their tasks without unnecessary privileges.
    • Role assignments streamline user onboarding and ongoing permission management by grouping capabilities logically and securely.
    • Content filtering enhances security and compliance by limiting playbook content visibility according to role-based policies.
    • Delegated development enhances flexibility by allowing non-admin users to develop and maintain playbooks within controlled boundaries.

    Administrators can grant users access to playbooks by assigning delegated development permissions or directly assigning a user role. Administrators can also specify which features and content a user can access based on user roles.

    Access by user role

    Administrators can grant access to playbooks in Workflow Studio by directly assigning users the pd_author user role, which includes the role to view activity definitions.

    Table 1. Roles for playbooks in Workflow Studio
    Role Description Contains Roles
    playbook.admin Enables users to:
    • Create, update, and delete trigger definitions.
    • Launch Workflow Studio to create, activate, edit, and delete playbooks.
    • Create, edit, and delete activity definitions.
    • View the Experience activity types (sys_pd_activity) and Experience activity properties (sys_pd_activity_type_prop) tables that are shared by Playbooks and Playbook Experience.
    • pd_author
    • pd_content_author
    • pd_trigger_author
    • pd_operator
    • pd_cancel
    pd_author Enables users to:
    • Launch Workflow Studio to create, activate, edit, and delete playbooks.
    • View all activity definitions.
    • View the Experience activity types (sys_pd_activity) and Experience activity properties (sys_pd_activity_type_prop) tables that are shared by Playbooks and Playbook Experience.
    • pd_shared.user
    • playbook.write
    • playbook.activity_def_read
    pd_content_author Enables users to:
    • Create, edit, and delete activity definitions.
    • Create, edit, and delete trigger definitions.
    • View the Experience activity types (sys_pd_activity) and Experience activity properties (sys_pd_activity_type_prop) tables that are shared by Playbooks and Playbook Experience.
    • pd_trigger_author
    • pd_shared.user
    • playbook.activity_def_read
    pd_trigger_author Enables users to create, update, and delete trigger definitions. none
    pd_operator Enables users to view process executions, activity executions, and execution logs only. none
    pd_shared.user Enables users to view the Experience activity types (sys_pd_activity) and Experience activity properties (sys_pd_activity_type_prop) tables that are shared by Playbooks and Playbook Experience. none
    pd_shared.admin Enables users to edit the Experience activity types (sys_pd_activity) and Experience activity properties (sys_pd_activity_type_prop) tables that are shared by Playbooks and Playbook Experience. pd_shared.user
    pd_cancel Enables users to cancel running playbooks without the playbook.admin role or write access to the parent record. For example if you want to grant an agent manager the ability to cancel playbooks, but not an agent. none
    pd_restarter Enables users to restart active playbooks. none
    playbook.write Enables users who have content filtering restrictions to:
    • Launch Workflow Studio to create, activate, edit, and delete playbooks.
    • View the Experience activity types (sys_pd_activity) and Experience activity properties (sys_pd_activity_type_prop) tables that are shared by Playbooks and Playbook Experience.
    To learn more about content access filtering, see Content filtering for playbooks.    		 pd_shared.user
    playbook.designer_access Enables users who have content filtering restrictions to launch Workflow Studio to view playbooks. To learn more about content access filtering, see Content filtering for playbooks. pd_shared.user
    playbook.activity_def_read Enables users to view all activity definitions as long as there aren't Required Roles. none
    A visual representation of where roles are contained:
    • playbook.admin
      • pd_content_author
        • playbook.activity_def_read
        • pd_shared.user
        • pd_trigger_author
      • pd_operator
      • pd_cancel
      • pd_restarter
      • pd_author
        • playbook.write
          • playbook.designer_access
            • pd_shared.user
            • sn_workflow_studio.workflow_studio_read
              Note:
              This role allows users to launch Workflow Studio, and is not managed by playbook administrators.
            • sn_diagram_builder.db_read
              Note:
              This role allows users to view playbooks in the diagram view in Workflow Studio, and is not managed by playbook administrators.
        • playbook.activity_def_read
      • pd_shared.admin
        • pd_shared.user
    • delegated_developer

    Delegated development access

    Administrators can grant users access to Workflow Studio playbooks by creating an application and assigning users as developers with the playbook delegated development permission. Delegated development allows administrators to control whether playbook authors can access features normally restricted to admin users. For more information, see Developer permissions.

    Role-based content filtering

    Specify the user roles necessary to access Workflow Studio playbook content. For example, activity definitions and process definitions. Manage content filtering by creating content definitions and content filtering rules. For more information, see Content filtering for playbooks.

    Role-based activity definition access

    Manage activity definition access by specifying the Required Roles to access an activity definition. Users who can view the playbook but who do not have the required role to access activities with this activity definition will have a read-only view of the playbook.

    To learn more about activity definitions, see Create an activity definition and Activity definitions.
    Note:
    Both playbook.admin and pd_content_author roles can edit activity definitions, but only the playbook.admin role can edit the Required Roles field.