The Complete Servicenow System Administrator Course: Section 6 - User Administration
• 2 Groups
• 3 Roles
• 5 Access Operations
• 7 LDAP
• 8 SSO
Users
• A ServiceNow account
• A record in the sys_user table
• Users may be a part of 0 or more groups
• Users may have 0 or more roles
• Users may also be assigned delegates
Groups
• A record in the sys_user_group table
• Buckets which hold users who share a common purpose/role
• Roles are assigned to groups
• Groups contain 0 or more roles
• May inherit other groups
Users & Groups Demo
Roles
• Grants permissions to parts of the system
• A record in the sys_user_role table
• Assign roles to a group
• Contain access control rules
• Many out-of-box roles
[Diagram labels: Administrator group, Admin role, User]
Popular Out-of-Box Roles
• admin
• security_admin
• itil
• itil_admin
• impersonator
• knowledge_admin
• report_admin
• catalog_admin
• asset
• ecmdb_admin
Access Controls
• A record in the sys_security_acl table
• Used to grant access
• Specifies
  • Object and operations
  • Permissions required
• * wildcard
• Thousands of out-of-box access controls
Tying It All Together
• Access controls are assigned to roles
• Roles are assigned to groups
• Users are assigned to groups
[Diagram labels: Network Group, ITIL role, Write access]
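The chain described above (access controls to roles, roles to groups, users to groups), as an added JavaScript example that is not part of the course material: it resolves a user's effective roles and reports which group path grants an operation. All names and data are constructed; the `parent` chain models "May inherit other groups" under the assumption that a child group picks up its parent's roles, and only the role requirement of an access control is checked.

```javascript
// Constructed sample data, shaped after the tables named on the slides.
const groups = {                       // sys_user_group
  "Service Desk":    { parent: null,           roles: ["itil"] },
  "Network":         { parent: "Service Desk", roles: [] },
  "Platform Admins": { parent: null,           roles: ["admin", "itil"] },
};
const memberships = {                  // sys_user -> groups (0 or more)
  alice: ["Network"],
  bob:   ["Platform Admins"],
  carol: [],
};
const directRoles = { carol: ["report_admin"] };  // roles granted straight to a user
const acls = [                         // sys_security_acl: object, operation, required roles
  { object: "incident", operation: "write",  roles: ["itil"] },
  { object: "incident", operation: "delete", roles: ["admin"] },
];

// Map each role a user holds to the path that grants it ("direct" or a group chain).
function effectiveRoles(user) {
  const found = new Map();
  for (const role of directRoles[user] || []) found.set(role, "direct");
  for (const start of memberships[user] || []) {
    const seen = new Set();
    const chain = [];
    // Walk up the parent chain; `seen` stops a misconfigured parent loop.
    for (let g = start; g && groups[g] && !seen.has(g); g = groups[g].parent) {
      seen.add(g);
      chain.push(g);
      for (const role of groups[g].roles) {
        if (!found.has(role)) found.set(role, chain.join(" -> "));
      }
    }
  }
  return found;
}

// Role check only: conditions and scripts on an access control are out of scope.
// Denying when the sample data has no rule is this example's choice, not a
// statement about platform defaults.
function canAccess(user, object, operation) {
  const acl = acls.find(a => a.object === object && a.operation === operation);
  if (!acl) return { allowed: false, via: "no matching ACL in sample data" };
  const roles = effectiveRoles(user);
  const hit = acl.roles.find(r => roles.has(r));
  return hit
    ? { allowed: true, via: `${hit} via ${roles.get(hit)}` }
    : { allowed: false, via: "missing role: " + acl.roles.join(", ") };
}
```

The `via` string is the useful part in an access review: it shows when a privileged role reaches a user only through an inherited group rather than a direct grant.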
Access Control Execution
[Flowchart labels: User makes request for record; Does ACL for matched object exist? (Yes / No); Evaluate conditions (Pass / Fail); Grant access to object; Deny access to object]
[Flowchart labels: User makes request for record; Does field rule match: 1) table.field, 2) parent table.field, 3) *.field; Rule found; Evaluate rule permissions (Pass / Fail); Grant access to object; remaining entries as extracted: 4) table.*, 3) *]
Roles & ACLs Demo
LDAP
• Lightweight Directory Access Protocol
• Industry standard for directory services
• Active Directory
• Defines structure for users & groups
• 2 parts
  • Authentication
  • Data population
Single Sign-On (SSO)
• Used for authentication
• 3rd party (provider)
• Single account for all system access
• SSO provider communicates with ServiceNow
• Examples: Okta, Facebook