As we learned in the last chapter, it's nearly always best practice to assign roles to groups, and then add users to those groups; never to add roles directly to users. This makes role management much, much easier.
Roles in ServiceNow, correspond to specific permissions. They grant access to modules within the platform, and rights to perform certain actions. Some roles, such as the admin role, grant special permissions, such as the ability to modify system records, policies, and scripts. In high security instances, there is an even higher-permissions role, called security_admin. This role grants the ability to modify security rules and run background scripts.
Roles are stored in the Roles [sys_user_role] table, and can be ...