Roles Roles control access to features and capabilities in applications and modules. The admin role provides access to all features and capabilities. After access has been granted to a role, all of the groups or users assigned to the role are granted the access. Roles can contain other roles, and any access granted to a role is granted to any role that contains it. For a complete list of the roles included with the ServiceNow platform, see Base system roles. Create a roleCreate a role to control access to features and capabilities in applications and modules. The new role does not have access to any application or module until you add other roles to it or add the new role to the appropriate applications and modules.Add a role to an existing roleWhen you add a new role to an existing role for a user, the user inherits the access that is granted by the new role.Assign a role to a groupYou can assign a role to a group to grant access to applications and modules to group members.Assign a role to a userA user inherits roles from all groups to which the user belongs. You can also assign roles directly to a user. Whenever a user is assigned a new role, it only takes affect after logging in with a new session.Base system rolesAdministrators can assign one or more base system user roles to grant access to base system platform features and applications.Role delegationAdministrators can authorize users to be role delegators to assign roles to users who are in a particular group. Role delegators can assign only the roles that are assigned to them. Security jump start - ACL rulesThe Security Jump Start (ACL Rules) Plugin is installed automatically on all new instances.Audit user rolesChanges to user roles are automatically tracked in the Audit Roles [sys_audit_role] table.