Home Orlando HR Service Delivery HR Service Delivery Case and Knowledge Management HR Administration Manage HR roles

Manage HR roles

Roles control access to features and capabilities in modules in the HR application.

The HR Service Delivery Scoped app prevents users outside of the HR organization from accessing HR data.

Scoped roles for both HR case workers and HR clients (employees, contractors, alumni, and others) grant access to HR services. Users without an HR scoped role cannot view HR cases or HR profile information.

Only the HR Administrator [sn_hr_core.admin] can assign scoped HR roles.

To configure your system, you must log in as a System Administrator [admin]. The HR Administrator [sn_hr_core.admin] role is contained in the System Administrator [admin] role. The combination of these two roles allows a user to perform all tasks associated with configuring your system.

After system configuration, ensure that only the HR Administrator [sn_hr_core.admin] role has access to sensitive information. Remove the HR Administrator role from System Administrator [admin] role to prevent the System Administrator from viewing sensitive HR information.

After granting access to a role, all the groups or users assigned to the role also have access. Roles can contain other roles, and grants access to any role that contains it.

Note: IT System Administrators (admin) and HR scoped users can still impersonate ServiceNow users. When impersonating a user with a scoped HR role, an admin or any HR scoped user cannot access features granted by that role. HR cases and profile information are not accessible. Only users with the scoped HR Administrator [sn_hr_core.admin] can see case details when impersonating other scoped HR users. Also, admin cannot change the password of any user with a scoped HR role. For more information on impersonating a user, see Impersonate a user.

HR Performance Analytics: To configure the Performance Analytics (PA) dashboard, assign the Performance Analytics Administrator [pa_admin] role to the HR Administrator [sn_hr_core.admin] role.
Note: Only the System Administrator [admin] can assign PA roles to employees.


Role	Description
System Administrator [admin]	Also known as admin and IT admin. Within the global scope of the application, has access to all system features, functions, and data, regardless of security constraints. Grant users with the delegated developer role [delegated_developer]. Build export sets, move content between instances (development to production), and clone instances. Run guided setup or modules to manage: Company-wide objects like user, departments, and locations.
HR Administrator [sn_hr_core.admin]	This role can: Assign users any of the HR roles. View and access the HR Service Portal. View, create, and edit HR cases in HR Case Management. Access and create HR tasks inside an HR case using the Add Task related link. View, create, and edit HR profiles including sensitive information like SSN and salary. Create HR profiles and generate for multiple users through custom criteria. Associate any user to HR roles, groups, and skills. View and access HR Administration. View and access HR Dashboards & Reports. Run Application View to manage: HR objects like HR roles and profiles. Note: When the Human Resources Scoped App: Core (com.sn_hr_core) and Lifecycle Events (com.sn_hr_lifecycle_events) plugins are active, the Lifecycle Admin (sn_hr_le.admin) role is part of HR Admin (sn_hr_core.admin).
Delegated Developer [delegated_developer]	When added to the HR Administrator role, can: Access, and manage HR objects like HR profile, cases, groups, roles, service catalog objects, and Service Portal. Modify HR application-related objects like skills, Knowledge Base, chat, notifications, surveys, reports, integrations, and SC. Modify application structures like tables, business rules, and client-side validation,
User with HR role	There are specific HR roles that allow users access to specific areas of the system. For example, the HR profile reviewer [sn_hr_core.profile_reader] role can read profiles, but not edit them.
User without HR role	Users without an HR role cannot access HR Service Delivery.
User with no role	Users with no role cannot see any HR information even on HR cases they created or have HR tasks assigned to them.

After system configuration, to ensure that only HR Administrator has access to sensitive information and prevent the System Administrator from accessing sensitive information:

Remove the HR Administrator [sn_hr_core.admin] role from System Administrator [admin].
- The base system requires a user with the System Administrator role to run scheduled jobs. For details on HR scheduled jobs, see Components installed with Case and Knowledge Management.
- To ensure the scheduled jobs run, change the user in the Run as field for each scheduled job to a user that has the HR admin role.
  Note: Changing the user allows the scheduled jobs to run, but only a user with the System Admin role can view and run a scheduled job on demand.
- Change the scope of the application to Human Resources: Core application. For information on changing the scope, see Contextual development edit messages.
- Reveal the Run as field. For information on revealing hidden fields on a form, see Configuring the form layout.

Log out and log back in to ensure that the changes take effect.

Note: Ensure that you have completed setup before removing the HR Administrator role.

Minimum number of scoped admins required

System properties determine the minimum number (default is two) of scoped admins that must be active for an application. For example,

sn_hr_ef.min_admin_count = 2
You have two users with the sn_hr_core.admin role.
If you try to delete one of the users, an error message appears and prevents you from deleting the user.

To list the properties, enter sys_properties.list in the filter navigator and search for the property to configure.

The list of system properties and what scoped admin can access:

Table 1. System Properties
Property Name	Scoped Admin
sn_hr_core.min_admin_count	HR admin [sn_hr_core.admin]
sn_hr_ef.min_admin_count	Employee Document Management admin [sn_hr_ef.admin]
sn_hr_integrations.min_admin_count	HR Integration Admin [sn_hr_integrations.admin]
sn_hr_le.min_admin_count	HR Lifecycle Event Admin [sn_hr_le.admin]
sn_hr_le_pa.admin_count	HR Lifecycle Event Performance Analytics Admin [sn_hr_le_pa.admin]
sn_hr_pa.min_admin_count	HR Performance Analytics Admin [sn_hr_pa.admin]
sn_hr_pj.min_admin_count	HR Parental Journey Admin [sn_hr_le_pj.admin]
sn_hr_sp.min_admin_count	HR Service Portal Admin [sn_hr_sp.admin]
sn_hr_va.min_admin_count	HR Virtual Agent Admin [sn_hr_va.admin]
sn_templated_snip.min_admin_count	Response Template Admin [sn_templated_snip.admin]
sn_hr_ws.min_admin_count	HR Agent Workspace Admin [sn_hr_ws.admin]

Previous topic

Next topic

Release version

Manage HR roles

Roles control access to features and capabilities in modules in the HR application.

The HR Service Delivery Scoped app prevents users outside of the HR organization from accessing HR data.

Only the HR Administrator [sn_hr_core.admin] can assign scoped HR roles.

After granting access to a role, all the groups or users assigned to the role also have access. Roles can contain other roles, and grants access to any role that contains it.

HR Performance Analytics: To configure the Performance Analytics (PA) dashboard, assign the Performance Analytics Administrator [pa_admin] role to the HR Administrator [sn_hr_core.admin] role.
Note: Only the System Administrator [admin] can assign PA roles to employees.


Role	Description
System Administrator [admin]	Also known as admin and IT admin. Within the global scope of the application, has access to all system features, functions, and data, regardless of security constraints. Grant users with the delegated developer role [delegated_developer]. Build export sets, move content between instances (development to production), and clone instances. Run guided setup or modules to manage: Company-wide objects like user, departments, and locations.
HR Administrator [sn_hr_core.admin]	This role can: Assign users any of the HR roles. View and access the HR Service Portal. View, create, and edit HR cases in HR Case Management. Access and create HR tasks inside an HR case using the Add Task related link. View, create, and edit HR profiles including sensitive information like SSN and salary. Create HR profiles and generate for multiple users through custom criteria. Associate any user to HR roles, groups, and skills. View and access HR Administration. View and access HR Dashboards & Reports. Run Application View to manage: HR objects like HR roles and profiles. Note: When the Human Resources Scoped App: Core (com.sn_hr_core) and Lifecycle Events (com.sn_hr_lifecycle_events) plugins are active, the Lifecycle Admin (sn_hr_le.admin) role is part of HR Admin (sn_hr_core.admin).
Delegated Developer [delegated_developer]	When added to the HR Administrator role, can: Access, and manage HR objects like HR profile, cases, groups, roles, service catalog objects, and Service Portal. Modify HR application-related objects like skills, Knowledge Base, chat, notifications, surveys, reports, integrations, and SC. Modify application structures like tables, business rules, and client-side validation,
User with HR role	There are specific HR roles that allow users access to specific areas of the system. For example, the HR profile reviewer [sn_hr_core.profile_reader] role can read profiles, but not edit them.
User without HR role	Users without an HR role cannot access HR Service Delivery.
User with no role	Users with no role cannot see any HR information even on HR cases they created or have HR tasks assigned to them.

After system configuration, to ensure that only HR Administrator has access to sensitive information and prevent the System Administrator from accessing sensitive information:

Remove the HR Administrator [sn_hr_core.admin] role from System Administrator [admin].
- The base system requires a user with the System Administrator role to run scheduled jobs. For details on HR scheduled jobs, see Components installed with Case and Knowledge Management.
- To ensure the scheduled jobs run, change the user in the Run as field for each scheduled job to a user that has the HR admin role.
  Note: Changing the user allows the scheduled jobs to run, but only a user with the System Admin role can view and run a scheduled job on demand.
- Change the scope of the application to Human Resources: Core application. For information on changing the scope, see Contextual development edit messages.
- Reveal the Run as field. For information on revealing hidden fields on a form, see Configuring the form layout.

Log out and log back in to ensure that the changes take effect.

Note: Ensure that you have completed setup before removing the HR Administrator role.

Minimum number of scoped admins required

System properties determine the minimum number (default is two) of scoped admins that must be active for an application. For example,

sn_hr_ef.min_admin_count = 2
You have two users with the sn_hr_core.admin role.
If you try to delete one of the users, an error message appears and prevents you from deleting the user.

To list the properties, enter sys_properties.list in the filter navigator and search for the property to configure.

The list of system properties and what scoped admin can access:

Table 1. System Properties
Property Name	Scoped Admin
sn_hr_core.min_admin_count	HR admin [sn_hr_core.admin]
sn_hr_ef.min_admin_count	Employee Document Management admin [sn_hr_ef.admin]
sn_hr_integrations.min_admin_count	HR Integration Admin [sn_hr_integrations.admin]
sn_hr_le.min_admin_count	HR Lifecycle Event Admin [sn_hr_le.admin]
sn_hr_le_pa.admin_count	HR Lifecycle Event Performance Analytics Admin [sn_hr_le_pa.admin]
sn_hr_pa.min_admin_count	HR Performance Analytics Admin [sn_hr_pa.admin]
sn_hr_pj.min_admin_count	HR Parental Journey Admin [sn_hr_le_pj.admin]
sn_hr_sp.min_admin_count	HR Service Portal Admin [sn_hr_sp.admin]
sn_hr_va.min_admin_count	HR Virtual Agent Admin [sn_hr_va.admin]
sn_templated_snip.min_admin_count	Response Template Admin [sn_templated_snip.admin]
sn_hr_ws.min_admin_count	HR Agent Workspace Admin [sn_hr_ws.admin]

How search works:

Topics are ranked in search results by how closely they match your search terms

Manage HR roles

Manage HR roles

On this page

Manage HR roles

Manage HR roles

Log in to personalize your search results and subscribe to topics