Table: servicenow_sys_user_role - Query ServiceNow User Roles using SQL

ServiceNow User Roles is a feature within the ServiceNow platform that facilitates role-based access control (RBAC). It enables administrators to assign specific roles to users, thereby controlling their access to certain parts of the system. This feature is essential for managing user permissions and ensuring security within the ServiceNow environment.

Table Usage Guide

The servicenow_sys_user_role table provides insights into user roles within ServiceNow. As an administrator, explore role-specific details through this table, including role names, descriptions, and associated users. Utilize it to uncover information about roles, such as those with excessive permissions, the distribution of roles among users, and the verification of user access rights.

Examples

Roles considered elevated privileges

Discover the segments that have elevated privileges in the ServiceNow user role system. This can be useful to identify potential risks or security concerns within your system.

select
  name
from
  servicenow_sys_user_role
where
  elevated_privilege = true;

select
  name
from
  servicenow_sys_user_role
where
  elevated_privilege = 1;

Roles that can be granted independently

Identify roles within ServiceNow that are permitted to be granted independently. This allows for a more flexible and customizable management of user permissions within the system.

select
  name
from
  servicenow_sys_user_role
where
  grantable = true;

select
  name
from
  servicenow_sys_user_role
where
  grantable = 1;

Roles that require a subscription

Determine the roles that necessitate a subscription within your ServiceNow environment. This can be useful for managing access and budgeting resources.

select
  name
from
  servicenow_sys_user_role
where
  requires_subscription = 'yes';

select
  name
from
  servicenow_sys_user_role
where
  requires_subscription = 'yes';

Roles that can be delegated

Identify instances where certain roles can be delegated within the ServiceNow system. This is useful in understanding the hierarchy and distribution of responsibilities within your organization.

select
  name
from
  servicenow_sys_user_role
where
  can_delegate = true;

select
  name
from
  servicenow_sys_user_role
where
  can_delegate = 1;

Scoped administrator roles

Explore which roles in ServiceNow have been assigned scoped administrator privileges. This can help manage security and access control within your organization.

select
  name
from
  servicenow_sys_user_role
where
  scoped_admin = true;

select
  name
from
  servicenow_sys_user_role
where
  scoped_admin = 1;

Roles that include other roles

Discover the segments that have embedded roles within them in your ServiceNow user roles, to better manage and understand your system's access control hierarchy. This can be beneficial in identifying potential security risks or redundancies.

select
  name,
  includes_roles
from
  servicenow_sys_user_role
where
  includes_roles is not null;

select
  name,
  includes_roles
from
  servicenow_sys_user_role
where
  includes_roles is not null;

Roles requiring 'Assignable By' role

Discover the roles that require an 'Assignable By' role for allocation, enabling you to manage and delegate user permissions effectively.

select
  name,
  assignable_by
from
  servicenow_sys_user_role
where
  assignable_by is not null;

select
  name,
  assignable_by
from
  servicenow_sys_user_role
where
  assignable_by is not null;

Sys_id and description of a specific role

Determine the unique system identifier and description of a specific user role within a ServiceNow environment. This can be useful for understanding the permissions and capabilities associated with that role.

select
  sys_id description
from
  servicenow_sys_user_role
where
  name = 'pdb_user';

select
  sys_id description
from
  servicenow_sys_user_role
where
  name = 'pdb_user';

Schema for servicenow_sys_user_role

Name	Type	Description
_ctx	jsonb	Steampipe context in JSON form.
assignable_by	jsonb	Roles that can assign this user role.
can_delegate	boolean	Indicates if users with this role can delegate tasks.
description	text	Description or details of the user role.
elevated_privilege	boolean	Indicates if the user role has elevated privileges.
grantable	boolean	Indicates if the user role can be granted to other users.
includes_roles	text	Roles included within this user role.
instance_url	text	The ServiceNow instance URL.
name	text	Name or label of the user role.
requires_subscription	text	Indicates if the user role requires a subscription.
scoped_admin	boolean	Indicates if the user role has scoped administration privileges.
sp_connection_name	text	Steampipe connection name.
sp_ctx	jsonb	Steampipe context in JSON form.
suffix	text	Suffix or postfix for the user role.
sys_class_name	text	System class name of the record.
sys_created_by	text	User who created the record.
sys_created_on	timestamp with time zone	Date and time when the record was created.
sys_id	text	Unique system identifier for the record.
sys_mod_count	bigint	Number of times the record was modified.
sys_name	text	Name of the record.
sys_package	jsonb	Package associated with the record.
sys_policy	text	Policy associated with the user role.
sys_scope	jsonb	Scope associated with the user role.
sys_update_name	text	User who last updated the record.
sys_updated_by	text	User who last updated the record.
sys_updated_on	timestamp with time zone	Date and time when the record was last updated.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- servicenow

You can pass the configuration to the command with the --config argument:

steampipe_export_servicenow --config '<your_config>' servicenow_sys_user_role