User role permissions in mobile apps
Summary of User role permissions in mobile apps
ServiceNow enables you to control access to various components of mobile apps by applying user role permissions. Assigning roles determines which app elements are accessible to specific users or groups, ensuring tailored user experiences based on responsibilities and organizational position. Roles are hierarchical and can be nested to simplify permission management as users change roles within the organization.
Key Features
- Role-Based Access Control: Assign roles to users or groups to control visibility and access to mobile app components.
- Role Nesting: Roles can include other roles, automatically extending permissions to nested roles for streamlined management.
- Component-Level Permissions: User roles can be applied to the following mobile app components:
  - Native Client and Applications: Control access to entire applications or app-level functions such as navigation, themes, and offline capabilities.
  - Screens: Restrict access to specific screens, for example, allowing only managers to view employee records.
  - Launcher Screens: Limit visibility of launcher screens to users with particular roles, enabling role-specific app entry points.
  - UI Sections: Control visibility of UI sections within launcher screens based on user roles.
  - Functions: Restrict specific app actions to users with designated roles, such as limiting incident reassignment abilities.
- Offline Support: User roles apply even when users access the app offline.
- User Criteria vs. User Roles: Use user roles to segment access by skill or role definition, and user criteria for segmentation by location, department, or group. When both apply, prioritize user roles for better performance and simpler management.
Practical Application
By effectively assigning user roles, you can ensure users only see and interact with the parts of the mobile app relevant to their job functions. For example, when an employee moves departments, simply adjust their assigned roles to update their access immediately without manual UI changes. This approach enhances security, simplifies administration, and improves user experience by presenting relevant content.
If no user roles are assigned to a component, it remains visible to any app user with access, unless user criteria restrict visibility further. Therefore, combining user roles with user criteria allows fine-grained control over component access.
Control the visibility of different components of mobile apps by applying user role permissions.
Apply user roles to determine which components are accessible within mobile apps for specific groups of users. The admin role, for instance, enables access to all components. Once a role is assigned, this access extends to all users or groups linked to that role. Additionally, roles can be nested within other roles, so that any permission assigned to a role automatically applies to every role that includes it.
For example, if an employee moves from the sales department to the finance department, you can assign them roles that relate to their new position, and remove roles that relate to their former position. This means that the user no longer has access to the UI sections showing sales data visualizations, and instead has access to the UI sections showing financial data visualizations.
For a full list of components where you can apply user roles and user criteria, see Mobile components where user roles and user criteria permissions apply.
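The following added example (a stand-alone model, not ServiceNow code or a ServiceNow API) shows how nested roles expand into effective access and how a component with no roles stays visible to everyone, which makes such components easy to audit. The role names, component names, the modelling of admin as a role that contains the others, and the rule that any one matching role grants access are assumptions made for illustration.

```javascript
// Constructed sample data; role and component names are illustrative only.
const roleContains = {            // role -> roles nested inside it
  admin: ["finance_manager", "sales_manager"],
  finance_manager: ["finance_user"],
  sales_manager: ["sales_user"],
  finance_user: [],
  sales_user: [],
};

const components = [
  { name: "Finance charts (UI section)", roles: ["finance_user"] },
  { name: "Sales charts (UI section)", roles: ["sales_user"] },
  { name: "Team records (screen)", roles: ["finance_manager", "sales_manager"] },
  { name: "Company news (launcher screen)", roles: [] },
];

// Expand directly assigned roles to everything they contain; the seen-set
// also stops the walk if the nesting accidentally forms a cycle.
function effectiveRoles(assigned, contains = roleContains) {
  const seen = new Set();
  const stack = [...assigned];
  while (stack.length > 0) {
    const role = stack.pop();
    if (seen.has(role)) continue;
    seen.add(role);
    stack.push(...(contains[role] || []));
  }
  return seen;
}

// A component with no roles is visible to every app user (user criteria aside);
// otherwise the user needs at least one of the listed roles (assumed rule).
function visibleComponents(assigned, list = components) {
  const roles = effectiveRoles(assigned);
  return list
    .filter((c) => c.roles.length === 0 || c.roles.some((r) => roles.has(r)))
    .map((c) => c.name);
}

// Audit helper: components that carry no role restriction at all.
function unrestrictedComponents(list = components) {
  return list.filter((c) => c.roles.length === 0).map((c) => c.name);
}

console.log(visibleComponents(["sales_user"]));       // before the department move
console.log(visibleComponents(["finance_manager"]));  // nested finance_user applies too
console.log(unrestrictedComponents());                // candidates for review
```

Swapping `sales_user` for a finance role changes the visible set without touching any component definition, and `unrestrictedComponents` lists what needs user criteria or a role if it should not be open to all app users.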
User roles are supported in the following components: Native Client, screens, launcher screens, UI sections, and functions.
- Native Client and applications
  - Limit a user's ability to access certain applications in the mobile app. For example, prevent IT Service Management (ITSM) users from accessing Field Service Management (FSM) applications. Native Client relates to app-level functionality and includes components like mobile themes, empty state, navigation bar, geolocation, and offline. You can also define that users don't have permission to view an app. For example, you might want to prevent agents from having access to the Now Mobile app.
- Screens
  - Allow only users with specified roles to access screens within your mobile applications. For example, enable only managers to view user records for all their employees. For more information, see Mobile screen types.
- Launcher screens
  - Allow only users with specified roles to access launcher screens within your mobile apps. For example, create a launcher screen that only employees with a manager role can see. Additionally, create a launcher screen with an employee role that everyone can view. For more information on launcher screens, see Launcher screens.
- UI sections
  - Limit a user’s ability to access certain UI sections within a launcher screen in the mobile app. For example, assign a development role to certain UI sections, and permit only users with specified development roles to view these UI sections. For more information on launcher screen UI sections, see Launcher screen UI sections.
- Functions
  - Only allow users with certain roles to perform specified actions in the app. For example, limit an IT Infrastructure Library (ITIL) user's ability to reassign an incident from a swipe action. For more information on limiting user access by role to a specific function, see the steps for creating each function type listed in Mobile functions.
General guidelines for using user roles
- Use user roles if the segmentation is based on the user’s skill and role definition. Use user criteria if the segmentation is based on things like location, companies, departments, and groups.
- Some components can be associated with both user roles and user criteria, whereas other components are associated with only one access control mechanism. For a list of how the components are associated, see Mobile components where user roles and user criteria permissions apply.
- For components where you can assign both user roles and user criteria, prioritize assigning user roles unless there's a specific need otherwise, as this approach streamlines operations and improves system responsiveness.
- User roles are supported in offline mode.