| admin |
The administrator role. This role has special access to all system features,
functions, and data because administrators can override ACL rules and pass all
role checks. Consider these implications when using admin overrides on ACLs.
If you have sensitive information, such as HR records, that you need to
protect, you must create a custom admin role for that area and train a person
authorized to see those records to act as the administrator. Also note the Special
Administrative Roles.
Warning: Grant this privilege carefully.
|
| agent_admin |
Can manage MID Server-related scripts. |
| approval_admin |
Can approve or reject approvals. |
| approver_user |
Can modify requests for approval routed to them. They also have all
capabilities of Requesters.
Note: There is a fee associated with this role. Do not assign it to users
without confirming your organization has the appropriate entitlement.
|
| assignment_rule_admin |
Can manage Assignment Rules. |
| asset |
Can manage hardware and software assets. |
| catalog |
Has access to service catalog requests. |
| catalog_admin |
Can manage the Service Catalog application, including catalog categories and
items. |
| catalog_editor |
Can create, modify, and publish items within categories they are assigned
to. |
| catalog_item_designer |
Can view the status of their category requests. |
| catalog_manager |
Can view and assign catalog editors to their categories. Can also create,
modify, and publish items within their categories. |
| category_manager |
Can create, edit, and delete model categories. |
| cmdb_read |
Can read any CMDB table. Contained in admin and itil. |
| communication_manager |
Manages communication for major incidents and is responsible for
communicating with all stakeholders. |
| contract_manager |
Can create, edit, and delete contracts through the Contract Management
application. |
| ecmdb_admin |
Can administer the CMDB. |
| filter_admin |
Can manage filters. |
| filter_global |
Can create global filters. |
| filter_group |
Can create filters that belong to groups of which the user is a
member. |
| gauge_maker |
Can create gauges from reports. Starting with Helsinki, reports are no longer
made into gauges. |
| guided_tour_admin |
Can manage and administer Guided Tour functionality. |
| image_admin |
Can manage image files on the Images [db_image] table. |
| impersonator |
Can impersonate users. Does not allow impersonation of admin users. |
| import_admin |
Can manage all aspects of import sets and imports. |
| import_scheduler |
Can schedule imports. |
| import_set_loader |
Can load import sets. |
| import_transformer |
Can manage import set transform maps and run transforms. |
| incident_manager |
Manages Incident properties and Major Incident trigger rules. |
| inventory_admin |
Can create and delete stock information. Only users with the inventory_admin
role can edit stock rules, stockrooms, and stockroom types. |
| inventory_user |
Has access to stock information. Can create and manage transfer
orders. |
| itil |
Can perform standard actions for an ITIL helpdesk technician. Can open,
update, close incidents, problems, changes, configuration management items. By
default, only users with the itil role can have tasks assigned to them. |
| itil_admin |
Possesses more privileges than the itil role and is intended for team leads.
This role has the ability to delete incidents, problems, changes, and other
related entities when both the itil and itil_admin roles are assigned. |
| knowledge |
Can create, edit, and review knowledge base articles. |
| knowledge_admin |
Can manage the knowledge base. |
| list_updater |
Can use Update Entire List and Update Selected menu options on lists. |
| maint |
Reserved for ServiceNow use. |
| mid_server |
Role that any MID server user should be granted. This role gives the MID
server access to the tables it ordinarily uses. |
| model_manager |
Can create new CMDB models. Model manager can control the base models and any
model extensions that are not software or consumables. Consumable models are
controlled by the asset manager role (asset). Software models are control by the
software asset manager role (sam). |
| major_incident_manager |
Initiates the major incident process by assessing and approving major
incident candidates or creating a major incident. Maintains the ownership and
accountability for the lifecycle of the incident. Identifies the users and groups
to be involved in the resolution activities and sets up communication
channels. |
| nobody |
The nobody role means that no user has access - not even admin or maint. Use
the nobody role carefully. The nobody role takes precedence over the admin
override option on ACLs, so even admins cannot have access. See Create an ACL rule.
Do not assign it to specific users. You can use this role in ACLs that control
access to resources, such as UI pages, processors, script includes, and
records.
Warning: Applying the nobody role may be irreversible if applied to
some important system functions.
|
| personalize |
Can configure forms, lists, rules, controls, scripts. |
| personalize_choices |
Can configure choices and predefined responses for non-journal fields designated as
choice or suggestion fields. |
| personalize_control |
Can configure controls on lists, such as filters, links, and
buttons. |
| personalize_dictionary |
Can configure dictionary
entries
and labels. |
| personalize_form |
Can configure forms. |
| personalize_list |
Can configure lists and list calculations. |
| personalize_responses |
Can configure predefined responses for journal fields designated as suggestion fields. |
| personalize_rules |
Can configure business rules and scripts. This role contains the following
specialized roles for granting selective, administrative access to rules and
scripts:
- business_rule_admin
- client_script_admin
- ui_policy_admin
- ui_action_admin
|
| personalize_styles |
Can configure field
styles. |
| personalize_ui |
Can configure forms and lists. |
| public |
No login is required to access features or functions with the public
role. |
| release_admin |
Can edit Release history for a release. |
| report_admin |
Can manage reports. |
| report_global |
Can create global reports. |
| report_group |
Can create reports and share reports with groups that the user is a member
of. Users with this role can edit reports shared by other users in the
group. |
| report_publisher |
Can make reports available on a public page. |
| report_scheduler |
Can schedule a report to be emailed. |
| script_fix_admin |
Can manage fix scripts. |
| sn_appclient.app_client_company_installer |
Can install applications containing the same company as the currently logged
in instance.User role that allows for first time installation of only those
applications for the company associated with the currently logged in instance. A
user with this role cannot install an application for another company. |
| sn_appclient.app_client_user |
Can install applications containing the same company as the currently logged
in instance. |
| soap |
Can query, create, update, and delete records on all tables, as well as
execute scripts. |
| soap_create |
Can create records on all tables and columns. |
| soap_delete |
Can delete records on all tables and columns. |
| soap_ecc |
Can query, create, and update on the ECC Queue table only. |
| soap_query |
Can query records on all tables and columns. |
| soap_query_update |
Can query and update records on all tables and columns. |
| soap_script |
Can execute business rule endpoint function via script.do. |
| soap_update |
Can update records on all tables and columns. |
| survey_admin |
Can manage survey masters, questions, and instances. Contains the
assessment_admin role. |
| survey_reader |
Can read survey instances and responses. |
| task_editor |
Can edit protected task fields. |
| template_editor |
Can create templates for personal use, and modify or delete personal
templates. Included in the itil role in the base system. |
| template_editor_global |
Can create templates for global use. |
| template_editor_group |
Can create templates for groups. |
| template_scheduler |
Can schedule template-based record creation. |
| text_search_admin |
Can customize Global Text Search groups and tables. |
| timecard_admin |
Can approve, modify, and delete the time cards of other users. |
| ts_admin |
Can administer Zing text indexing and search engine. |
| unlimited_createnow |
Role for CreateNow unlimited licensed users. |
| upgrade_app |
Can upgrade installed applications containing the same company as the
currently logged in instance. Cannot perform first time installations of
applications published to the Application Client page. |
| user |
Available for customer use, has no function in the base system. |
| user_admin |
Can administer users, groups, locations, and companies. |
| view_changer |
Can switch active views. |
| workflow_admin |
Can create, edit, publish or delete graphical workflows. |
| workflow_creator |
Can create new graphical workflows. |
| workflow_publisher |
Can publish graphical workflows. |
