Table: servicenow_sys_user_role - Query ServiceNow User Roles using SQL
ServiceNow User Roles is a feature within the ServiceNow platform that facilitates role-based access control (RBAC). It enables administrators to assign specific roles to users, thereby controlling their access to certain parts of the system. This feature is essential for managing user permissions and ensuring security within the ServiceNow environment.
Table Usage Guide
The servicenow_sys_user_role table provides insights into user roles within ServiceNow. As an administrator, explore role-specific details through this table, including role names, descriptions, and associated users. Utilize it to uncover information about roles, such as those with excessive permissions, the distribution of roles among users, and the verification of user access rights.
Examples
Roles considered elevated privileges
Discover the segments that have elevated privileges in the ServiceNow user role system. This can be useful to identify potential risks or security concerns within your system.
select namefrom servicenow_sys_user_rolewhere elevated_privilege = true;select namefrom servicenow_sys_user_rolewhere elevated_privilege = 1;Roles that can be granted independently
Identify roles within ServiceNow that are permitted to be granted independently. This allows for a more flexible and customizable management of user permissions within the system.
select namefrom servicenow_sys_user_rolewhere grantable = true;select namefrom servicenow_sys_user_rolewhere grantable = 1;Roles that require a subscription
Determine the roles that necessitate a subscription within your ServiceNow environment. This can be useful for managing access and budgeting resources.
select namefrom servicenow_sys_user_rolewhere requires_subscription = 'yes';select namefrom servicenow_sys_user_rolewhere requires_subscription = 'yes';Roles that can be delegated
Identify instances where certain roles can be delegated within the ServiceNow system. This is useful in understanding the hierarchy and distribution of responsibilities within your organization.
select namefrom servicenow_sys_user_rolewhere can_delegate = true;select namefrom servicenow_sys_user_rolewhere can_delegate = 1;Scoped administrator roles
Explore which roles in ServiceNow have been assigned scoped administrator privileges. This can help manage security and access control within your organization.
select namefrom servicenow_sys_user_rolewhere scoped_admin = true;select namefrom servicenow_sys_user_rolewhere scoped_admin = 1;Roles that include other roles
Discover the segments that have embedded roles within them in your ServiceNow user roles, to better manage and understand your system's access control hierarchy. This can be beneficial in identifying potential security risks or redundancies.
select name, includes_rolesfrom servicenow_sys_user_rolewhere includes_roles is not null;select name, includes_rolesfrom servicenow_sys_user_rolewhere includes_roles is not null;Roles requiring 'Assignable By' role
Discover the roles that require an 'Assignable By' role for allocation, enabling you to manage and delegate user permissions effectively.
select name, assignable_byfrom servicenow_sys_user_rolewhere assignable_by is not null;select name, assignable_byfrom servicenow_sys_user_rolewhere assignable_by is not null;Sys_id and description of a specific role
Determine the unique system identifier and description of a specific user role within a ServiceNow environment. This can be useful for understanding the permissions and capabilities associated with that role.
select sys_id descriptionfrom servicenow_sys_user_rolewhere name = 'pdb_user';select sys_id descriptionfrom servicenow_sys_user_rolewhere name = 'pdb_user';Schema for servicenow_sys_user_role
| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | Steampipe context in JSON form, e.g. connection_name. | |
| assignable_by | jsonb | Roles that can assign this user role. | |
| can_delegate | boolean | Indicates if users with this role can delegate tasks. | |
| description | text | Description or details of the user role. | |
| elevated_privilege | boolean | Indicates if the user role has elevated privileges. | |
| grantable | boolean | Indicates if the user role can be granted to other users. | |
| includes_roles | text | Roles included within this user role. | |
| name | text | Name or label of the user role. | |
| requires_subscription | text | Indicates if the user role requires a subscription. | |
| scoped_admin | boolean | Indicates if the user role has scoped administration privileges. | |
| suffix | text | Suffix or postfix for the user role. | |
| sys_class_name | text | System class name of the record. | |
| sys_created_by | text | User who created the record. | |
| sys_created_on | timestamp with time zone | Date and time when the record was created. | |
| sys_id | text | Unique system identifier for the record. | |
| sys_mod_count | bigint | Number of times the record was modified. | |
| sys_name | text | Name of the record. | |
| sys_package | jsonb | Package associated with the record. | |
| sys_policy | text | Policy associated with the user role. | |
| sys_scope | jsonb | Scope associated with the user role. | |
| sys_update_name | text | User who last updated the record. | |
| sys_updated_by | text | User who last updated the record. | |
| sys_updated_on | timestamp with time zone | Date and time when the record was last updated. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- servicenowYou can pass the configuration to the command with the --config argument:
steampipe_export_servicenow --config '<your_config>' servicenow_sys_user_role