Manage HR roles Roles control access to features and capabilities in modules in the HR application. The HR Service Delivery Scoped app prevents users outside of the HR organization from accessing HR data. Scoped roles for both HR case workers and HR clients (employees, contractors, alumni, and others) grant these users access to HR services. Users without an HR scoped role are blocked from viewing HR cases or HR profile information. Only the HR Administrator [sn_hr_core.admin] can assign scoped HR roles. These roles can be assigned to inactive users to create HR cases for new hires and alumni. IT System Administrators [admin] can still impersonate ServiceNow users. However, when impersonating a user with a scoped HR role, an admin is not able to access features granted by that role, including HR cases and profile information. Also, admin cannot change the password of any user with a scoped HR role. To configure your system, you must log in as a System Administrator [admin]. The HR Administrator [sn_hr_core.admin] role is contained in the System Administrator [admin] role. The combination of these two roles allows a user to perform all tasks associated with configuring your system. After system configuration, ensure that only the HR Administrator [sn_hr_core.admin] role has access to sensitive information. Remove the HR Administrator role from System Administrator [admin] role to prevent the System Administrator from viewing sensitive HR information. After access has been granted to a role, all the groups or users assigned to the role are granted the access. Roles can contain other roles, and any access granted to a role is granted to any role that contains it.Note: IT System Administrators (admin) and HR scoped users can still impersonate ServiceNow users. When impersonating a user with a scoped HR role, an admin or any HR scoped user cannot access features granted by that role. HR cases and profile information cannot be accessed. Only users with the scoped HR Administrator [sn_hr_core.admin] can see case details when impersonating other scoped HR users. Also, admin cannot change the password of any user with a scoped HR role. Role Description System Administrator [admin] Also known as admin and IT admin.Within the global scope of the application, has access to all system features, functions, and data, regardless of security constraints. Grant users with the delegated developer role [delegated_developer]. Build export sets, move content between instances (development to production), and clone instances. Run guided setup or modules to manage: Company-wide objects like user, departments, and locations. HR Administrator [sn_hr_core.admin] This role can: Assign users any of the HR roles. View and access the HR Service Portal. View, create, and edit HR cases in HR Case Management. Access and create HR tasks inside an HR case using the Add Task related link. View, create, and edit HR profiles including sensitive information like SSN and salary. Create HR profiles and generate for multiple users through custom criteria. Associate any user to HR roles, groups, and skills. View and access HR Administration. View and access HR Dashboards & Reports. Run Application View to manage: HR objects like HR roles and profiles. Note: Lifecycle Admin (sn_hr_le.admin) is part of HR Admin (sn_hr_core.admin) when the Human Resources Scoped App: Core (com.sn_hr_core) and Lifecycle Events (com.sn_hr_lifecycle_events) plugins are activated. To use the scoped admin features, you must remove the Lifecycle Admin role from the HR Admin role. Delegated Developer [delegated_developer] When added to the HR Administrator role, can: Access, and manage HR objects like HR profile, cases, groups, roles, service catalog objects, and Service Portal. Modify HR application-related objects like skills, Knowledge Base, chat, notifications, surveys, reports, integrations, and SC. Modify application structures like tables, business rules, and client-side validation, User with HR role There are specific HR roles that allow users access to specific areas of the system. The HR profile reviewer [sn_hr_core.profile_reader] role can read profiles, but not edit them. User without HR role Users without an HR role can view HR information on cases they created, created for them (opened for), or have HR tasks assigned to them. User with no role Users with no role cannot see any HR information even on HR cases they created or have HR tasks assigned to them. After system configuration, to ensure that only HR Administrator has access to sensitive information and prevent the System Administrator from accessing sensitive information: Remove the HR Administrator [sn_hr_core.admin] role from System Administrator [admin]. Ensure that you have at least two users with the HR Administrator role. If you assign only one person with the role and that person is deactivated, you no longer have a user that can perform the HR admin duties. Log out and log back in to ensure that the changes take effect.Note: Ensure that you have completed setup before removing the HR Administrator role.Note: Scheduled jobs that require the Admin role do not run. But, all HR scheduled jobs should run after the Admin role is removed. Remove HR Administrator role from IT System AdministratorAfter system configuration, ensure that only the HR Administrator [sn_hr_core.admin] role has access to sensitive information. Remove the HR Administrator role from System Administrator [admin] role to prevent the System Administrator from viewing sensitive HR information.Add Delegated Developer to HR AdministratorFor an HR Administrator [sn_hr_core.admin] to configure forms, related lists, and updates script includes and ACLs, the delegated developer role must be added.Manage HR GroupsHR Groups are a set of users with common job skills.HR skills managementYour organization can define HR skills to establish the qualifications of HR staff. Skills can be included in the auto-assignment process used to assign HR agents to HR cases and tasks.Create or modify escalation rulesYou can create an escalation process to assign HR cases to HR agents with the appropriate skills.Client rolesYou can control what HR functionality that an employee can access using Client Roles. You can license all employees or provide HR services to users in a specific location or group.