How to restrict the 'admin' role from having too much access - Support and Troubleshooting
KB0687527


5483 views. Last updated: Aug 22, 2022.

Issue

The base system 'admin' role is unique and should be treated as the all-inclusive user role, since it passes all user role requirements. Essentially, the 'admin' role contains almost all other roles, except "security_admin" and "maint". If an ACL requires a specific role, the admin user will pass that ACL even if the Admin Overrides checkbox is not selected. Additionally, any other script that requires a role will always grant access to the 'admin' role.
 
The role description in our product documentation states:
"The administrator role. This role has special access to all system features, functions, and data because administrators can override ACL rules and pass all role checks. Consider these implications when using admin overrides on ACLs."
Source: https://docs.servicenow.com/csh?topicname=r_BaseSystemRoles.html&version=latest

Release

All versions

Resolution

If there is important data (such as HR information) that should not be modified or seen by the 'admin' role, additional steps need to be taken to prevent admin users from having too much access. 

If the role requirement is removed from an ACL and the Admin Overrides checkbox is unchecked, a scripted role check that confirms the user does not have the admin role will keep admin users from having too much access.

Here is an example of a simple script to add to an ACL: 

    // Grant access only to hr_admin users who do not also hold the admin role.
    if (gs.hasRole('hr_admin') && !gs.hasRole('admin')) {
        answer = true;
    } else {
        answer = false;
    }
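
The following is an added example, not ServiceNow code: an offline model for checking which users the script above admits, compared with an ACL that only requires the hr_admin role. The mock makeGs(), the evaluateAcl() decision order, and the sample users are assumptions constructed from the behaviour this article describes.

```javascript
// Constructed offline model of the behaviour described in this article.
// makeGs() is a hypothetical stand-in for the server-side `gs` object.
const NOT_IN_ADMIN = ['security_admin', 'maint']; // per the article

function makeGs(userRoles) {
  return {
    hasRole(role) {
      if (userRoles.includes(role)) return true;
      // 'admin' passes every role check except the two excluded roles.
      return userRoles.includes('admin') && !NOT_IN_ADMIN.includes(role);
    },
  };
}

// The ACL script from the article, wrapped so it can be called with a mock gs.
function articleScript(gs) {
  return gs.hasRole('hr_admin') && !gs.hasRole('admin');
}

// Simplified ACL decision (assumption): Admin Overrides short-circuits for
// admins; otherwise the role requirement and the script must both pass.
function evaluateAcl(acl, userRoles) {
  const gs = makeGs(userRoles);
  if (acl.adminOverrides && userRoles.includes('admin')) return true;
  const rolePass = acl.roles.length === 0 || acl.roles.some((r) => gs.hasRole(r));
  const scriptPass = acl.script ? acl.script(gs) : true;
  return rolePass && scriptPass;
}

const roleOnlyAcl = { roles: ['hr_admin'], adminOverrides: false, script: null };
const scriptedAcl = { roles: [], adminOverrides: false, script: articleScript };
// Constructed sample users (role lists are illustrative).
const users = { hr_only: ['hr_admin'], admin_only: ['admin'],
  hr_and_admin: ['hr_admin', 'admin'], itil_only: ['itil'] };

function accessMatrix() {
  const out = {};
  for (const [name, roles] of Object.entries(users)) {
    out[name] = {
      roleOnly: evaluateAcl(roleOnlyAcl, roles),
      scripted: evaluateAcl(scriptedAcl, roles),
    };
  }
  return out;
}

console.log(accessMatrix());
```

In this model a user who holds both hr_admin and admin is denied by the scripted ACL, so HR staff who need access to the protected data should not also be assigned the admin role.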
