Lesson 1
Roles & group membership
In ServiceNow, user roles and group memberships define a user’s access and permissions. Roles specify what a user can see and do within the platform, while groups are collections of users organized for easier role assignment.
- Definition: Roles are sets of permissions that determine what a user can access and the actions they can perform in ServiceNow.
- Examples: Roles include admin, itil, security_admin, and roles specific to applications or modules.
- Assignment: Roles are assigned to users or user groups. Assigning a role to a user directly grants them the associated permissions.
- Purpose: Roles ensure that users only have access to the necessary resources and functionality for their job, promoting security and efficient workflow management.

- Definition: User groups are collections of users organized based on common characteristics, such as job function or department.
- Purpose: Groups simplify user management by allowing administrators to assign roles to groups rather than individual users, streamlining the process.
- Assignment: Roles can be assigned to groups, and all users within that group will inherit those roles.
- Relationship to Roles: While groups can contain users with specific roles, the group itself does not inherently grant those roles. Roles are the foundation of access control, and groups are a convenient tool for managing users with similar roles.

- Define clear roles: Establish roles aligned with specific job functions and responsibilities.
- Assign roles to groups: Utilize groups to manage users with similar roles.
- Follow the principle of least privilege: Assign users only the roles they need to perform their tasks.
- Regularly review roles and group memberships: Ensure that access is still appropriate and up-to-date.
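
The review described in the last practice can be scripted. The following is an added example, not ServiceNow's own code: it resolves each user's effective roles (direct grants plus roles inherited from groups) and flags grants worth a second look. The rows are constructed sample data shaped like simplified exports of the sys_user_has_role, sys_user_grmember and sys_group_has_role tables; the function names and the choice of high-privilege roles are assumptions.

```javascript
// Constructed sample rows modelled on three ServiceNow tables; the column
// names (user, group, role) are a simplified, assumed export shape.
const userHasRole = [             // direct grants (sys_user_has_role)
  { user: "alice", role: "itil" },
  { user: "bob", role: "admin" },
];
const groupMembers = [            // memberships (sys_user_grmember)
  { user: "alice", group: "Service Desk" },
  { user: "carol", group: "Service Desk" },
  { user: "carol", group: "Platform Admins" },
  { user: "dave", group: "Facilities" },   // group with no roles assigned
];
const groupHasRole = [            // roles on groups (sys_group_has_role)
  { group: "Service Desk", role: "itil" },
  { group: "Platform Admins", role: "admin" },
  { group: "Platform Admins", role: "security_admin" },
];
const HIGH_PRIVILEGE = new Set(["admin", "security_admin"]); // assumed review list

// Effective roles = direct grants + roles inherited from every group the
// user belongs to. Returns Map(role -> Set of sources) to keep provenance.
function effectiveRoles(user) {
  const roles = new Map();
  const add = (role, source) => {
    if (!roles.has(role)) roles.set(role, new Set());
    roles.get(role).add(source);
  };
  userHasRole.filter(r => r.user === user).forEach(r => add(r.role, "direct"));
  const groups = groupMembers.filter(m => m.user === user).map(m => m.group);
  groupHasRole.filter(g => groups.includes(g.group))
    .forEach(g => add(g.role, "group:" + g.group));
  return roles;
}

// Flag direct grants of high-privilege roles and direct grants that only
// duplicate what a group already provides (candidates for removal).
function reviewFindings() {
  const users = [...new Set([...userHasRole, ...groupMembers].map(r => r.user))].sort();
  const findings = [];
  for (const user of users) {
    for (const [role, sources] of effectiveRoles(user)) {
      if (!sources.has("direct")) continue;
      if (HIGH_PRIVILEGE.has(role)) findings.push(`${user}: ${role} granted directly`);
      else if (sources.size > 1) findings.push(`${user}: direct ${role} duplicates group grant`);
    }
  }
  return findings;
}
console.log(reviewFindings().join("\n"));
```

The user dave belongs to a group but ends up with no roles, because that group has none assigned to it.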
