Introduction to Users, Groups and Roles in ServiceNow
Updated: Jun 14, 2022
With Lorena Villanueva
In this article, we will cover the basics of creating users and groups, as well as assigning roles for access within ServiceNow. The steps spoken about in this article are in the Paris instance, but the general steps are applicable to prior instances as well. At a high-level and referencing ServiceNow documentation, users are individuals who have access to the system.
Groups are sets of users with a common purpose and roles that allow access to features within your organization's instance. For example, today we are going to create a new group that will be handling incidents. Along with that, we will create a new user and assign their rules to allow access to jump into our developer instance as an admin.
How to Create a New User
Today, we are going to focus heavily on the user administration application menu. To begin, we're going to take a look at how to create a user, which is essential to using the features within ServiceNow. To create a user, we navigate to the user's module under user administration, selecting the module will show us all records of users in the instance. We are going to add a new instance by selecting the “new” option.
Once we do this, we are brought to a form where we can create a new user record. When you record the name, that person, by default, is set to active; setting them to inactive would not allow for that person to access the system. After creating the user record, we can see that neither roles nor groups are assigned to them. This then means we’ll need to put this user in a group whose purpose is to have incident access.
How to Create a New Group Record
If you take a look at the group’s module, and there isn’t a group that will suit your needs, a new group must be created. After selecting new, you will be brought to a form to create a new group record. You will then have to name this group; for example, it can be named incident response. Next, you must set up a manager for the group as well, and from there we know that our group has been created and that they will need access to incident records. Our next step is to add a role to the group record we had just created.
How to Create a New Role
Earlier we mentioned that the roles allow access to features within your
organization's instance. Looking at the related lists of the group record, we notice that there are new roles assigned to the group. To add roles to the group, we must select edit. From there, we're brought to a screen where we're given a list of all roles in the system. In this case, we are going to look for itil. We will assign the role to the incident response group. Doing this will allow for users in that group to have access to all incident records in the system. As an admin, you would be looking at our new group record. Now we're ready to add someone as a group member. By selecting edit, we're brought to a screen showing all user records in the system.
When one has been removed from the incident response group, we note that their user profile has been updated. There will no longer be a group associated with their record, and after removing them from the incident response group, the inherited roles have also been removed. As best practice, it's recommended to assign roles to groups, rather than to users. This saves you the headache later on down the line when you need to either add or remove roles to multiple users at once. Although it is possible to add roles to a user, we want to make note that assigning users to groups, allows users to inherit rules based on the groups that they are assigned to.
How do Roles Operate
Taking another look at how roles operate, it was mentioned that roles allow access to features in the instance. Assigning the itil role to the incident
response group gave the members access to the incident records, but what
about the manager of the group? The manager is assigned to the incident management group.
In the group record, we see that roles have been assigned to the incident management record, one itil and the other ital admin. We recall the itil role allowed the incident response team to view incident records. The itil admin role also has access to multiple applications in the system. When selecting the all module under instance, they can view all incident records. Even when opening an incident they too can modify, update, and resolve instances. However, since they are the manager of the organization, they have been given the additional functionality of a delete button. When we look at the incident management group, there were two roles assigned both itil and itil admin. The added role of itil admin, in this case, now has the additional capability of deleting records if necessary.
Digging Deeper into Roles
ServiceNow does come with out-of-box roles, which allows access to the available modules in your instance. However, there may be instances where
you'll need to create custom roles for your applications, in which case you are certainly able to create new roles, just as you would new users and groups. This may be on a subscription-basis, so be sure to contact your ServiceNow Sales Representative to see what options are available for your organization. To summarize, users are individuals who have access to the system, groups are sets of users with a common purpose, and roles allow access to features within your organization's instance.
Did you find this Introduction of Users, Groups and Roles in ServiceNow article helpful? Are you ready to start your journey with ServiceNow? If you want to find out more information about GlideFast Consulting and our ServiceNow implementation services, you can reach out to us here.
About GlideFast Consulting
GlideFast is a ServiceNow Elite Partner and professional services firm that provides tailored solutions and professional services for ServiceNow implementations, integrations, managed support services, application development, and training.Reach out to our team here.