Connection-level qualifiers for faster queries and lower API load →
Steampipe Hub 
Hub
Plugins
turbot/servicenow
Overview
20Tables
Versions
GitHub
steampipe plugin install servicenow

Table: servicenow_sys_user_has_role - Query ServiceNow User Roles using SQL

ServiceNow User Roles is a feature within ServiceNow that allows administrators to manage access levels and permissions for individual users. It provides a structured way to assign and monitor roles for various users, including administrators, developers, and IT support staff. ServiceNow User Roles helps in maintaining security and efficient workflow by ensuring that users have appropriate access to perform their tasks.

Table Usage Guide

The servicenow_sys_user_has_role table provides insights into User Roles within ServiceNow. As a system administrator or IT manager, explore user-specific role details through this table, including assigned roles and related metadata. Utilize it to uncover information about user access levels, such as those with administrative permissions, the relationships between users and their roles, and the verification of user permissions.

Examples

Which users have been granted a specific role through inheritance?

This query allows you to identify which users have been assigned a specific administrative role through inheritance. It's useful in managing user permissions and understanding the distribution of administrative roles in your system.

select
  uhr.user ->> 'value' as user_sys_id,
  u.name
from
  servicenow_sys_user_has_role uhr
  join servicenow_sys_user_role r on uhr.role ->> 'value' = r.sys_id
  join servicenow_sys_user u on uhr.user ->> 'value' = u.sys_id
where
  r.name = 'user_admin'
  and uhr.inherited = true;
select
  json_extract(uhr.user, '$.value') as user_sys_id,
  u.name
from
  servicenow_sys_user_has_role uhr
  join servicenow_sys_user_role r on json_extract(uhr.role, '$.value') = r.sys_id
  join servicenow_sys_user u on json_extract(uhr.user, '$.value') = u.sys_id
where
  r.name = 'user_admin'
  and uhr.inherited = 1;

What is the total number of roles granted?

Analyze the settings to understand the total count of unique roles granted to users in your ServiceNow instance. This can help in assessing the distribution of responsibilities and privileges within your team.

select
  count(distinct role ->> 'value') as total_roles_granted
from
  servicenow_sys_user_has_role;
select
  count(distinct json_extract(role.value, '$.value')) as total_roles_granted
from
  servicenow_sys_user_has_role,
  json_each(role);

Which roles have been granted to a specific user?

Determine the areas in which a particular user has been assigned roles. This helps in understanding the user's permissions and access levels within the system.

select
  r.name as role_name
from
  servicenow_sys_user_role r
  join servicenow_sys_user_has_role uhr on uhr.role ->> 'value' = r.sys_id
where
  uhr.user ->> 'value' = 'd8f57f140b20220050192f15d6673a98';
select
  r.name as role_name
from
  servicenow_sys_user_role r,
  servicenow_sys_user_has_role uhr
where
  json_extract(uhr.role, '$.value') = r.sys_id
  and json_extract(uhr.user, '$.value') = 'd8f57f140b20220050192f15d6673a98';

How many users have been granted each role?

Determine the distribution of user roles within your system to understand the level of access granted to different users. This can aid in security audits by identifying potential over-privileged users.

select
  r.name as role_name,
  count(distinct uhr.user ->> 'value') as user_count
from
  servicenow_sys_user_role r
  join servicenow_sys_user_has_role uhr on uhr.role ->> 'value' = r.sys_id
group by
  r.name;
select
  r.name as role_name,
  count(distinct json_extract(uhr.user, '$.value')) as user_count
from
  servicenow_sys_user_role r
  join servicenow_sys_user_has_role uhr on json_extract(uhr.role, '$.value') = r.sys_id
group by
  r.name;

Which users have been granted a role with elevated privileges?

Identify instances where users have been given roles with increased access rights. This can be useful for auditing purposes, ensuring only authorized personnel have such privileges.

select
  distinct uhr.user ->> 'value' as user_sys_id
from
  servicenow_sys_user_has_role uhr
  join servicenow_sys_user_role r on uhr.role ->> 'value' = r.sys_id
where
  r.elevated_privilege = true;
select
  distinct json_extract(uhr.user, '$.value') as user_sys_id
from
  servicenow_sys_user_has_role uhr
  join servicenow_sys_user_role r on json_extract(uhr.role, '$.value') = r.sys_id
where
  r.elevated_privilege = 1;

Schema for servicenow_sys_user_has_role

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form, e.g. connection_name.
granted_byjsonbUser or role that granted this role to the user.
included_in_rolejsonbRole in which this role is included.
included_in_role_instancejsonbRole instance in which this role is included.
inh_countbigintCount of inherited roles.
inh_maptextMapping of inherited roles.
inheritedbooleanIndicates if the role is inherited.
rolejsonbRole assigned to the user.
statetextState of the role assignment.
sys_created_bytextUser who created the record.
sys_created_ontimestamp with time zoneDate and time when the record was created.
sys_idtextUnique system identifier for the record.
sys_mod_countbigintNumber of times the record was modified.
sys_updated_bytextUser who last updated the record.
sys_updated_ontimestamp with time zoneDate and time when the record was last updated.
userjsonbUser to whom the role is assigned.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- servicenow

You can pass the configuration to the command with the --config argument:

steampipe_export_servicenow --config '<your_config>' servicenow_sys_user_has_role