The read-only role and how to use it

The Now Platform includes the capability to easily configure a specific user or group to access certain tables in a read-only format.  This is done using the special snc_read_only role.

The Purpose of the Read-Only Role

Adding this role to a user or group on the instance will cause all users with this role to immediately have read-only access to any tables they could previously modify or otherwise manipulate.

The snc_read_only role provides no additional permissions to the individual or group to whom it is assigned (read or otherwise). This role is normally used together with one or more other roles. This role simply prevents the user from inserting, modifying, or deleting records in tables that the user currently has access to by virtue of other roles or permissions on the instance.

Example

In this example, a user has the standard itil role and can normally access and edit a number of different record types in the instance, such as Incident.

However, if you add the snc_read_only role while retaining all the other roles already associated with the user, they can no longer edit the incident, as shown in the following image. 

Add or remove the read-only role to an existing user

To add the role, follow these steps:

1. Sign in to the instance with an admin or user_admin account.
2. Go to User Administration > Users.
3. Filter the user list to locate the user for which the role is to be added or removed.
4. To open that user account record, select the Information icon to the left of the row corresponding to this user.
5. Scroll to the Roles List for this user record, and select Edit. A slush bucket control is displayed.
6. In the list on the left, find the role with the name snc_read_only.
   
   
7. Double-click the role or use the arrows in the middle to move it to the list on the right.
8. Select Save in the Edit Members dialog box.

The next time this user signs in, they will have read-only access to any records they can access.

To remove the read-only role, follow the same process. This time, simply move the snc_read_only role from the list on the right to the list on the left. The next time the user signs in, they will then be able to edit any applicable objects that are provided by other roles.

This role can sometimes be the cause of other issues. A user who had permission to edit certain record types reports that the button and menu options are no longer visible and the fields appear in a read-only format. They may have inadvertently been assigned the snc_read_only role.

Check if the snc_read_only role has been applied to the user and if this is accurate. To fix this, follow the previous steps for removing the role from their profile. Once they sign out and sign back in, this should correct the issue.