Originally from earlduque/ServiceNow-Developer-Training. Thanks Earl!
Roles Standards #
- Roles should never be assigned directly to users
- Assign roles to groups then assign members to that group
- If needed for deployment, utilize the
Add to update settool installed in development to add any record relevant to group/role membership:
- Do not use application roles as a way to be able to edit configurations in production. Files typically included in update sets should follow a developement process (dev to test to production).
- Do not assign roles that would grant configuration access in the production environment unless it is agreed upon that the receiving group and users should have the access.
- Do not add new role inclusions to existing out-of-box roles if those roles are already being utilized elsewhere.
- It is preferred that new roles are created within scoped applications (not Global).
- Do not ever include the admin or security admin role in a group
- Do not grant admin access to other users. A rule is in place for IET Service Management to be notified every time this happens.
- New ROLE groups for granting access to new roles should be requested from IET Service Management.