Dashboard permissions

  • Release version: Zurich
  • Updated July 31, 2025
  • 4 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Dashboard permissions

    Dashboard permissions in ServiceNow provide granular control over who can view, create, edit, share, and delete dashboards. These permissions are managed primarily through the Sharing pane and are influenced by roles, widget access control lists (ACLs), and dashboard ownership. Understanding these permissions enables administrators and users to securely manage dashboard access while ensuring appropriate visibility of data.

    Show full answer Show less

    Key Features

    • Roles and Access:
      • Users with any role can create dashboards, share dashboards they own, and edit dashboards they have permission for.
      • Users without roles can only view dashboards shared with them but cannot create or edit.
      • Special roles such as paadmin, papoweruser, dashboardadmin, and admin have elevated permissions, including managing users, groups, roles, and changing ownership.
      • Only dashboard owners and users with dashboardadmin or admin roles can delete dashboards.
    • Widget Permissions and ACLs:
      • Most widgets respect ACLs, restricting data visibility within dashboards.
      • If a user lacks permission for a widget, an empty placeholder is shown.
      • Performance Analytics widgets do not enforce ACLs and are visible to all dashboard viewers.
      • Adding Performance Analytics widgets requires papoweruser, paadmin, or admin roles.
    • Dashboard Sharing and Restrictions:
      • Users can restrict dashboard access by role.
      • Administrators can limit the ability to share dashboards.
      • Features like Explicit Roles and Domain Separation impact who can view or edit dashboards.
      • Dashboard group permissions and the "Restrict to role" setting affect access control.

    Practical Implications for ServiceNow Customers

    • When setting up dashboards, assign roles carefully to control creation, editing, and sharing capabilities.
    • Ensure users have the necessary roles to access underlying data shown in dashboard widgets.
    • Use role restrictions and dashboard groups to organize and secure dashboard visibility efficiently.
    • For Performance Analytics, assign appropriate roles to manage widget addition and understand that data visibility is governed by roles and facts table ACLs for real-time scores.
    • Be aware that dashboard owners hold significant control, including sharing and deletion rights.
    • Consider domain separation and explicit role settings if your organization uses these features, as they affect dashboard access.

    Dashboards have special granular view and edit permissions that are managed from the Sharing pane. Access control lists (ACLs) apply to most widgets that are added to dashboards.

    • Users with any role can create dashboards, share dashboards that they own with users and groups, and edit dashboards if they have been given edit permissions. Users with any role can restrict access by role to any dashboard that they have created. The user also needs whatever roles are necessary to access the specific data on the dashboards.
    • Users without a role can view dashboards that have been shared with them, but cannot create or edit dashboards.
    • Users with pa_admin and pa_power_user roles can manage users, groups, and roles on any dashboard that they can edit. For more information, see Performance Analytics roles.
    • Users with the dashboard_admin or admin role can edit and manage users, groups, and roles for any dashboard. Admin and dashboard_admin users can also change a dashboard owner at any time.
    • Only a dashboard owner and users with the dashboard_admin or admin role can delete that dashboard.
    • The ability of users to share dashboards may be limited by the administrator. For more information, see Responsive dashboard properties.
    • If Explicit Roles are activated, dashboards are treated as internal resources. Users with the snc_external role cannot view dashboards by default. For more information, see Explicit Roles.
    • Domain separation can affect the ability of users to edit dashboards that have been shared with them. For more information, see Domain separation and responsive dashboards.
    Table 1. Dashboard permissions and roles
    View Create Edit Share Delete
    No role Only dashboards that have been shared with them. No No No No
    Any role Dashboards that they create and that have been shared with them. Yes Only dashboards they have created or that have been shared with them with edit rights. Cannot add or remove Performance Analytics widgets without at least pa_power_user rights. Only dashboards they have created and only with users and groups. The ability of users to share dashboards may be limited by the administrator. For more information, see Responsive dashboard properties. Only dashboards they own or have created.
    admin All Yes Edit and manage dashboard owners, users, groups, and roles for any dashboard. Yes Any dashboard
    dashboard_admin All Yes Edit and manage dashboard owners, users, groups, and roles for any dashboard. Yes Any dashboard
    pa_admin Dashboards that they create and that have been shared with them. Yes Only dashboards they have created or that have been shared with them with edit rights. Can add or remove Performance Analytics widgets. Only dashboards they have created and only with users and groups. The ability of users to share dashboards may be limited by the administrator. For more information, see Responsive dashboard properties. Only dashboards they own or have created.
    pa_power_user Dashboards that they create and that have been shared with them. Yes Only dashboards they have created or that have been shared with them with edit rights. Can add or remove Performance Analytics widgets. Only dashboards they have created and only with users and groups. The ability of users to share dashboards may be limited by the administrator. For more information, see Responsive dashboard properties. Only dashboards they own or have created.
    Dashboard owner Yes N/A Yes Yes. The ability of users to share dashboards may be limited by the administrator. For more information, see Responsive dashboard properties. Only dashboards they have created.

    Widget ACLs apply when that widget is added to dashboards (except for Performance Analytics widgets). If a user can view a dashboard but does not have ACLs to view one of its widgets, an empty widget placeholder is displayed. ACLs do not apply to data visualizations that aggregate data, such as pie or bar reports. ACLs always apply to list data that is displayed in widgets. Rows in a list that a user does not have access to are not displayed.

    Note:
    ACLs are not applied to Performance Analytics widgets that are added to dashboards. Any user who can view a dashboard can view all its Performance Analytics widgets. Performance Analytics widgets can only be added to dashboards by users with the pa_power_user, pa_admin, and admin roles.

    However, if a Performance Analytics widget displays real-time scores, the score each logged-in user sees depends on their roles and the ACLs of the facts table. For more information, see Real-time scores.

    The Restrict to role field on the dashboard properties form and dashboard group permissions may have an impact on dashboard permissions. The dashboard owner, and users with pa_power _user, pa_admin, or admin roles can change dashboard properties. Users with the pa_power_user, pa_admin, and admin roles can change dashboard group permissions.

    For example, when you add a pie report widget with 36 records to a dashboard, users who can access to that dashboard and that report can view the report of all 36 records. However, if a user drills down into the list view for that widget, only the records the user is allowed to access are visible.