User roles and user criteria permissions for mobile apps
Summarize
Summary of User roles and user criteria permissions for mobile apps
User roles and user criteria permissions are essential access control mechanisms within ServiceNow’s mobile platform that allow you to manage visibility and access to app features and components. These permissions enable you to tailor the mobile app experience by showing or hiding content based on individual users or user groups, enhancing security and relevance.
Show less
User roles permissions
User roles define access to mobile app features for specified audiences. Assigning roles grants access to all users or groups linked to those roles. Role inheritance simplifies managing permissions by grouping related roles, which is useful as user responsibilities change (e.g., promotions). User roles are stored in the Roles [sysuserrole] table. Roles typically control access to screens and functions within the mobile app.
User criteria permissions
User criteria permissions control access based on user attributes such as department, location, or company. They allow dynamic segmentation of users by defining conditions evaluated against user records, ensuring that only users who meet these criteria see specific content. User criteria are stored in the User Criteria [usercriteria] table. This mechanism is practical for managing group-wide updates, such as changing content visibility when users relocate.
General guidelines
- Choose the appropriate access control mechanism for each mobile app component, as some components support only user roles, others only user criteria, and some support both.
- In the Mobile App Builder, components can be assigned either user roles or user criteria, but not both simultaneously.
- In the web-based UI, both user roles and user criteria can be defined for a component, with the effective control determined by the Access Control Mechanism field.
- Both user roles and user criteria are supported in offline mode, ensuring consistent access control regardless of connectivity.
Practical implications for ServiceNow customers
By leveraging user roles and user criteria permissions, you can precisely control who sees what within your mobile apps, improving user experience and security. Roles are ideal for managing access based on job functions or hierarchy, while user criteria are suited for dynamic group-based access tied to attributes like location or department. Proper planning and understanding of which components each mechanism supports will ensure effective permission management and streamlined administration.
User roles and user criteria permissions are access control mechanisms that enable you to define roles or segment users into groups within the mobile platform. With these permissions, you can show or hide different components of your mobile app to either individuals or groups.
User roles permissions
User roles control access to features and components within mobile apps for defined target audiences. The admin role provides access to all features and capabilities.
After access has been granted to a role, all the groups or users assigned to the role are granted the access. Use role inheritance to group related permissions, making it easier to manage and assign roles. For example, if an employee has been promoted to a sales manager position, you can allocate additional roles to the employee to reflect their new position.
User role records are stored in the Roles [sys_user_role] table. For more information, see Managing roles.
For a list of all the components where you can define user roles and user criteria, see Mobile components where user roles and user criteria permissions apply. Some components apply to both user roles and user criteria, whereas others are mutually exclusive.
User criteria permissions
User criteria permissions are an access control mechanism that enables you to grant users access to mobile app components, based on categories such as departments, locations, or company. User criteria records define conditions that are evaluated against user records. When a user criteria is defined, records are only visible to users who pass the defined conditions.
With user criteria permissions, you can change information within a single area of a group to update all users' details associated within that group. For example, a company relocates, and the management requires that users in the new location have access to different mobile content. Admins can update the user criteria permissions, so that this new content is displayed to all users in this group.
User criteria records are stored in the User Criteria [user_criteria] table.
For a list of all the components where you can define user roles and user criteria, see Mobile components where user roles and user criteria permissions apply. Some components apply to both user roles and user criteria, whereas others are mutually exclusive.
General guidelines for user roles and user criteria in mobile apps
- When defining user roles and user criteria, careful planning is required to ensure that components are associated with the correct access control mechanism.
- Some components can be associated with either user roles and user components, whereas other components are associated with one access control mechanism. For a list of how the components are associated, see Mobile components where user roles and user criteria permissions apply. For example, you can apply user roles to screens and functions. Alternatively, you can apply navigation tabs and icon section destinations to user criteria.
- You can’t select both user roles and user criteria as access control mechanisms for a component in Mobile App Builder. However, in the web-based UI both user roles and user criteria can be defined for a component. In this situation, the operational mechanism is the value defined in the Access Control Mechanism field of the record.
- Both user roles and user criteria are supported in offline.