Thank you for your feedback.
Form temporarily unavailable. Please try again or contact to submit your comments.

Read only role

Log in to subscribe to topics and get notified when content changes.

Read only role

The read-only role (snc_read_only) restricts a user (or a group of users) to read-only access on the tables to which the user already has access.

This role is not intended to be the only role a user has. It is intended to be an additional role (in addition to the roles that the user normally has) for the purpose of restricting insert, update, and delete operations on the tables that the user can access as defined by the other roles.

After you assign this role to a user, they can no longer can create, update, or delete records on ANY tables.

Note: Assign this role only to users. Do not assign this role to other resources in the system, including applications, ACLs, and so on.

The snc_read_only role is included in the base ServiceNow system starting with the Fuji release and is active by default. Customers who upgrade to Fuji automatically have access to this role.

User administrators can assign the snc_read_only role to any user as a simple way to limit access to data without having to create ACLs for system and custom tables and fields. This is useful for performing internal or external audits without allowing a user to have insert or update access to data.

Users with the snc_read_only role have the following restrictions regardless of other roles and privileges they have.
  • Cannot insert, update, or delete records from the UI or when using the GlideRecord API.
  • Cannot activate or upgrade plugins.
  • Cannot directly run SQL.
  • Cannot upload XML files.
  • Can only run background scripts when on an instance in the public sandbox environment.
Note: These role restrictions are in place even if impersonating another user with write access such as an admin.