Using Scoped Administration
The System Administrator is generally responsible for a ServiceNow instance. With the addition of the
security_admin role, an admin user can change security settings, alter logic in Business Rules and see all data elements. Because all admins have all roles, adding a security rule that says that only users who have the x_hotel.team_leader won't restrict an admin.
You may try to script an access control rule to stop admins from carrying out certain functions, or perhaps using the nobody role to disallow everyone. But just as an admin can create these rules, they can delete or change them!
Sometimes however, this is not desirable. Scoped Administration changes this premise by stopping admin users from inheriting a particular ...