ServiceNow Certified System Administration Practice

What is the best practice for managing users, groups, and roles?

• A. Assign users to groups, map roles to users directly
• B. Assign users to groups, map roles to groups, apply general roles to small groups
• C. Assign users to roles only
• D. Leave groups unassigned to simplify management

The correct answer is: Assign users to groups, map roles to groups, apply general roles to small groups

The best practice for managing users, groups, and roles involves assigning users to groups and then mapping roles to those groups rather than directly to individual users. This approach offers several advantages that streamline the administration of user access and permissions in ServiceNow. By assigning users to groups, you create a structure that simplifies permission management and enhances security. When roles are mapped to groups, any user joining the group automatically inherits the roles assigned to it, reducing the administrative burden. This method not only improves efficiency but also reduces the risk of excessive permissions being assigned to users. Additionally, it allows for the implementation of more tailored access control strategies, where specific groups reflect a particular function or department. Furthermore, applying general roles to small groups allows for better governance and auditing. This practice ensures that users have access only to the resources they need for their roles, maintaining principle of least privilege. It also makes it easier to manage and audit permissions, as you can review group roles rather than having to check each individual user. Using this structured approach ultimately leads to better organization and clearer management of user permissions, which is essential in a platform like ServiceNow where proper access control is crucial for security and compliance.