Using Scoped Administration

The System Administrator is generally responsible for a ServiceNow instance. With the addition of the security_admin role, an admin user can change security settings, alter logic in Business Rules and see all data elements. Because all admins have all roles, adding a security rule that says that only users who have the x_hotel.team_leader won't restrict an admin.

Note

You may try to script an access control rule to stop admins from carrying out certain functions, or perhaps using the nobody role to disallow everyone. But just as an admin can create these rules, they can delete or change them!

Sometimes however, this is not desirable. Scoped Administration changes this premise by stopping admin users from inheriting a particular ...

Get Mastering ServiceNow - Second Edition now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.