[Music] i'm lorena villanueva and today we're going to do an introduction of users groups and roles in service now we'll be working in the paris instance but in general the steps shown today are applicable to prior instances as well at a high level and referencing servicenow documentation users are individuals who have access to the system groups are sets of users with a common purpose and roles allow access to features within your organization's instance for example today we are going to create a new group that will be handling incidents along with that will create a new user and assign them rules to allow access jumping into our developer instance as an admin i automatically have access to all application menus and modules within the platform however today we are going to focus heavily on the user administration application menu to begin we're going to take a look at how to create a user which is essential to use the features within servicenow to create a user we navigate to the user's module under user administration selecting the module will show us all records of users in the instance in this case our demo instance has 613 records we're going to add to that by selecting the new option after selecting new we are brought to a form where we can create a new user record today i'm going to create a record named john smith by default he is set to active setting him to inactive would not allow him access into the system after creating john smith's user record we see that neither roles nor groups are assigned to him we know that jon will be handling incidents so we'll need to put him in a group whose purpose is to have incident access let's take a look at the group's module after skimming through the records i can't find a group that'll suit my needs so i'll need to create a new group record after selecting new i'm brought to a form to create a new group record for this example we'll go ahead and name this group incident response i'll set the manager as abraham lincoln we've created our group and we know our group will need access to incident records our next step is to add a role to the group record what will that do well earlier we mentioned that the roles allow access to features within your organization's instance looking at the world's related lists of the group record we notice that there are new roles assigned to the group let's take care of that to add roles to the group we select edit after selecting edit we're brought to a screen where we're given a list of all roles in the system let's go ahead and look for itil we have now assigned the itil rule to the incident response group assigning itil to incident response will allow users in that group to have access to all incident records in the system before we add group members to our incident response group let's take a look at john's user profile here we notice that john has neither roles nor groups of signs impersonating john smith we notice he has limited visibility and access to applications in the instance for example when typing incidents in the filter navigator we currently do not have access to incident records the only option for john is to create a new incident after john has created his incident his record is the only visible record in the incidents module as an admin we're looking at our new group record and we're ready to add john as a group member by selecting edit we're brought to a screen showing all user records in the system let's select john's record we've now added group members to the incident response group record earlier we assigned the itool world to the group so what does that mean for john and abel are two group members that we've added to the incident response group well it simply means that both john and abel have inherited the itil role let's confirm that by navigating to john's user profile here on john's profile we notice that his record has been updated he's now assigned to the incident response group and when selecting the roles related list we also noticed that john's inherited the itil role but what just happened john inherited the ito role but he has a total of 25 different rules well selecting the itil record we want to make note that the roll contains an additional 15 rolls and within those additional rolls are additional nested rolls so that in turn gives us a grand total of 25 different roles inherited from the ito role and to confirm that these are related to itil let's go ahead and remove john from the incident response group now that john has been removed from the incident response group we note that his user profile has once again been updated there's no longer a group associated to his record and after removing him from the incident response group his inherited roles have also been removed as best practice it's recommended to assign roles to groups rather than to users this saves you the headache later on down the line when you need to either add or remove roles to multiple users at once so although it is possible to add roles to a user we want to make note that assigning users to groups allows users to inherit rules based on the groups that they are assigned to now that john has been added to the incident response group and he's also inherited that eye tool role let's see if john's access has been updated impersonating john smith i notice right away john's access has been updated he now has access to multiple application menus including the incident menu selecting the all module john now has access to the incident records in the system as a result when john selects a record he has the ability to update and resolve incidents taking another look at how roles operate it was mentioned that roles allow access to features in the instance assigning the itil role to the incident response group gave the two members john and abel access to the incident records but what about abraham lincoln who is the manager of the group let's go ahead and take a look at his user profile to abraham's profile we note that he's assigned to the incident management group in the group record we see that two roles have been assigned to the incident management record one itil and the other ital admin what does this mean well if we recall the itil world allowed the incident response team the team john smith is in to view incident records but what does the itil admin role do impersonating abraham he too has access to multiple applications in the system just as john did when selecting the all module under instance he can view all incident records opening an incident he too can modify update and resolve instance however since he is a manager of the organization we notice that he's been given the additional functionality of a delete button why is this well when we looked at the incident management group there were two roles assigned both ito and ital admin so with the added role of itol admin abraham now has the additional capability of deleting records if necessary digging a little deeper into roles surface now does come with out of box rules allow access to the available modules in your instance however there may be instances where you'll need to create custom roles for your applications in which case you are certainly able to create new roles just as you would new users and new groups of course this may be on a subscription basis so be sure to contact your servicenow sales rep to see what options are available for your organization in this video we covered the basics of creating users and groups as well as assigning roles for access to summarize users are individuals who have access to the system groups are sets of users with a common purpose and roles allow access to features within your organization's instance that concludes our servicenow introduction and from all of us at quite fast have a great day you