Manage Scripting Governance Tool
Summary of Manage Scripting Governance Tool
The Scripting Governance Tool in ServiceNow helps enforce scripting governance policies by managing user access to scripting capabilities through conditional script writer groups. It ensures that only authorized users can write scripts and maintains audit visibility into scripting access. This tool operates in either an enabled or disabled state and is enabled by default.
Key Features
- Enable/Disable Control: Only users with the security_admin role can run scripts to enable or disable the tool and modify related properties.
- Governance Enforcement: When enabled, scripting governance policies and access control lists (ACLs) are actively enforced.
- User Evaluation and Provisioning: Users are evaluated against scripting access rules and assigned to Conditional Script Writer groups accordingly.
- Audit and Visibility: Security admins can run scans to identify users with scripting access and manage their group memberships, with audit logs available for oversight.
- Scheduled Jobs Management: The tool uses scheduled jobs to add or update users in the Conditional Script Writer Group automatically.
How It Works
The tool functions in two states:
- Enabled: Full enforcement of scripting governance, active ACLs, user provisioning to script writer groups, and auditing.
- Disabled: No enforcement of policies or user evaluations; existing group memberships are preserved but not enforced. The interface remains accessible to security admins but scanning and access management are inactive.
Practical Steps for Customers
- To Disable Scripting Governance: Run the Disable Scripting Governance script via the Scheduled Script Executions module (sysauto_script_list.do). This disables key properties, scheduled jobs, and removes users from the Conditional Script Writer Group through a scheduled job.
- To Enable Scripting Governance: Run the Enable Scripting Governance script in the same module. This action enables the necessary properties and scheduled jobs, and schedules the job to provision users to the Conditional Script Writer Group.
Benefits for ServiceNow Customers
This tool allows customers to maintain strong control over scripting activities within their instance, ensuring compliance with governance policies and reducing risk by managing who can write scripts. It also provides transparency and auditability for security administrators to monitor scripting access and activity effectively.
Enable or disable the Scripting Governance Tool on your instance by running the appropriate script. Only users with the security_admin role can run these scripts and modify the associated properties.
Scripting Governance Tool states
Scripting Governance Tool operates in one of two states. The active state determines whether scripting governance policies are enforced and whether users are provisioned to the Conditional Script Writer group.
- Scripting Governance Tool is enabled by default. You can choose to disable it.
- You must elevate your role to security_admin to enable or disable Scripting Governance Tool.
| States | Behavior of Scripting Governance Tool |
|---|---|
| Enabled |
|
| Disabled |
|
Disable scripting governance
To disable Scripting Governance, navigate to Scheduled Script Executions (sysauto_script_list.do) and run the Disable Scripting Governance script to deactivate Scripting Governance Tool on your instance.
Running this script performs the following actions:
- Disables the glide.security.scripting_role.provisioning_job_running property.
- Disables the glide.security.scripting_role.auto_provisioning property.
- Disables the glide.security.scripting_governance.enabled property.
- Disables the Add Users to Conditional Script Writer Group and Update Users in Conditional Script Writer Group scheduled jobs.
- Removes all users from the Conditional Script Writer Group through a scheduled job.
Enable scripting governance
To enable Scripting Governance, navigate to Scheduled Script Executions (sysauto_script_list.do) and run the Enable Scripting Governance script to activate Scripting Governance Tool on your instance.
Running this script performs the following actions:
- Enables the glide.security.scripting_role.provisioning_job_running property.
- Enables the glide.security.scripting_governance.enabled property.
- Enables the Add Users to Conditional Script Writer Group and Update Users in Conditional Script Writer Group scheduled jobs.
- Schedules the Add Users to Conditional Script Writer Group job to run.
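
A consistency check for the two states described above, as an added example that is not ServiceNow's own code: it takes the property values and scheduled-job flags an administrator has exported from the instance and reports whether they match a complete enable run, a complete disable run, or a partial change. The property and job names are from this page; the input shapes, the `"true"`/`"false"` value encoding, and the function name `auditGovernanceState` are assumptions.

```javascript
// Added example (not ServiceNow code). Property and job names come from the page;
// the input shapes and the "true"/"false" value encoding are assumptions.
const CORE_PROPS = [
  'glide.security.scripting_governance.enabled',
  'glide.security.scripting_role.provisioning_job_running',
];
// Listed under the Disable script only; the Enable script's list does not mention it.
const DISABLE_ONLY_PROP = 'glide.security.scripting_role.auto_provisioning';
const JOBS = [
  'Add Users to Conditional Script Writer Group',
  'Update Users in Conditional Script Writer Group',
];
const isOn = (v) => String(v).trim().toLowerCase() === 'true';

function auditGovernanceState(properties, jobs) {
  const findings = [];
  const flags = [];
  for (const name of CORE_PROPS) {
    if (name in properties) flags.push({ name, on: isOn(properties[name]) });
    else findings.push(`property not found: ${name}`);
  }
  for (const name of JOBS) {
    const job = jobs.find((j) => j.name === name);
    if (job) flags.push({ name, on: isOn(job.active) });
    else findings.push(`scheduled job not found: ${name}`);
  }
  const onCount = flags.filter((f) => f.on).length;
  let state = 'inconsistent';
  if (findings.length === 0 && onCount === flags.length) state = 'enabled';
  if (findings.length === 0 && onCount === 0) state = 'disabled';
  if (state === 'inconsistent') {
    // Spell out each flag so the reviewer can see where the change stopped.
    for (const f of flags) findings.push(`${f.on ? 'on' : 'off'}: ${f.name}`);
  }
  if (state === 'disabled' && isOn(properties[DISABLE_ONLY_PROP])) {
    findings.push(`still on after disable: ${DISABLE_ONLY_PROP}`);
  }
  return { state, findings };
}

// Constructed sample: properties are off but both scheduled jobs are still active.
const sampleProps = {
  'glide.security.scripting_governance.enabled': 'false',
  'glide.security.scripting_role.provisioning_job_running': 'false',
  'glide.security.scripting_role.auto_provisioning': 'false',
};
const sampleJobs = JOBS.map((name) => ({ name, active: 'true' }));
console.log(auditGovernanceState(sampleProps, sampleJobs));
```

An `inconsistent` result, or a `disabled` result the security team did not expect, is worth reviewing against the audit logs, since governance is enabled by default and only security_admin can change it.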