In ServiceNow, the best practice for managing users, groups, and roles is based on role-based access control (RBAC).
Assign Roles to Groups (Correct)
Instead of assigning roles directly to users, it is a best practice to assign roles to groups.
This ensures better role management, easier administration, and scalability.
Example:
The "IT Support" group has the "itil" role.
All users in this group automatically get the itil role.
Add Users to Groups (Correct)
Users should be assigned to groups rather than roles directly.
Groups inherit roles, so when a user is added to a group, they automatically receive the appropriate access.
Example:
A new Service Desk agent joins the "Service Desk" group and immediately gets the associated roles (itil, incident_manager, etc.).
A. You should never assign roles to groups (Incorrect)
Incorrect: Assigning roles to groups is the recommended best practice.
Managing roles at the group level makes access control more efficient and scalable.
B. You should assign roles to users (Incorrect)
Incorrect: Assigning roles directly to users is not a best practice because it becomes difficult to manage as the organization grows.
Instead, users should be added to groups that have the necessary roles.
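The audit below is an added example, not code from ServiceNow or from the original page: it resolves the roles each user inherits through groups and flags roles granted directly to a user. The records are constructed sample data, and the field names (`user`, `group`, `role`) and function names are assumptions chosen for illustration.

```javascript
// Constructed sample data (not from a real instance). Field names are
// assumptions modelled on group-membership, group-role and user-role records.
const groupMembers = [
  { user: "alice", group: "Service Desk" },
  { user: "bob", group: "IT Support" },
];
const groupRoles = [
  { group: "Service Desk", role: "itil" },
  { group: "Service Desk", role: "incident_manager" },
  { group: "IT Support", role: "itil" },
];
// Roles granted directly on the user, bypassing groups.
const directUserRoles = [
  { user: "bob", role: "incident_manager" },
  { user: "carol", role: "itil" },
  { user: "alice", role: "itil" }, // redundant: already inherited
];

// Resolve the set of roles each user inherits through group membership.
function inheritedRoles(members, roles) {
  const byGroup = new Map();
  for (const { group, role } of roles) {
    if (!byGroup.has(group)) byGroup.set(group, new Set());
    byGroup.get(group).add(role);
  }
  const byUser = new Map();
  for (const { user, group } of members) {
    if (!byUser.has(user)) byUser.set(user, new Set());
    for (const role of byGroup.get(group) ?? []) byUser.get(user).add(role);
  }
  return byUser;
}

// Flag every direct grant and say whether a group already covers it.
function auditDirectGrants(members, roles, direct) {
  const inherited = inheritedRoles(members, roles);
  return direct.map(({ user, role }) => ({
    user,
    role,
    finding: inherited.get(user)?.has(role)
      ? "redundant: already inherited from a group"
      : "direct-only: move to a group that carries this role",
  }));
}

console.log(auditDirectGrants(groupMembers, groupRoles, directUserRoles));
```

Direct-only findings are the ones that make access hard to review as the organization grows; redundant findings can simply be removed because the group already grants the role.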
Best Practices for Users, Groups, and Roles:
Why Other Options Are Incorrect?
References from ServiceNow CSA Documentation:
Managing Users, Groups, and Roles
ServiceNow Best Practices for Roles & Groups
Role-Based Access Control (RBAC)
User Administration