Application administration

Application administration allows organizations to protect sensitive application data by restricting how users acquire application-specific roles.

Application developers and administrators can use application administration to:
  • Prevent unauthorized users from accessing sensitive data such as financial records or personally identifiable information.
  • Restrict who can assign application roles.
  • Prevent admin users from:
    • Assigning themselves a protected application role.
    • Assigning themselves to a group containing a protected application role.
    • Bypassing existing access controls to a protected application by creating new access controls.
    • Changing the password of users who have a protected application role.
    • Impersonating a user who has a protected application role.
    • Inheriting a protected application role.
    • Overriding existing access controls to a protected application.
    • Running scripts that access protected application records.

You can enable application administration from the application record and restrict the assignment of application roles from the user role record. Application developers should enable application administration after completing application development and before adding application records.

To prevent accidental lockout, the system displays a warning if you enable application administration for an application and there are no users who can assign application roles. For convenience, application developers can use the following related links to grant application roles to all admins or remove them from all admins.
  • Grant application administration to all admins
  • Remove application administration from admins

Application-specific administrators

The application's administration role grants users access to the application only and does not include any other admin role. Someone must assign an application user an admin role before that user can perform typical administration tasks such as:
  • Configure form and list layouts.
  • Make changes to application tables and fields.
  • Assign the application admin role to new users.

If you do not want the application administrator to have the admin role, the application administrator can make themselves a delegated developer. As a delegated developer, the application administrator can perform a subset of administrative tasks without having the admin role.