CIS-ITSM · Question #93
If a change model has Write roles AND Can write defined, which users have the ability to modify the change model record? Choose 2 answers
The correct answer is B. Users with admin role E. Users that have the Write role(s) AND match the Can write user criteria. When a change model has both Write roles and Can write criteria defined, users must satisfy both conditions simultaneously to modify the record, while users with the admin role always retain access.
Question
If a change model has Write roles AND Can write defined, which users have the ability to modify the change model record? Choose 2 answers
Options
- AUsers with the ftil_admin role
- BUsers with admin role
- CUsers that have the Write role(s) OR that match the Can write user criteria
- DUsers with sn_change_write role
- EUsers that have the Write role(s) AND match the Can write user criteria
How the community answered
(37 responses)- A11% (4)
- B78% (29)
- C3% (1)
- D8% (3)
Why each option
When a change model has both Write roles and Can write criteria defined, users must satisfy both conditions simultaneously to modify the record, while users with the admin role always retain access.
The itil_admin role grants elevated ITSM process permissions but does not automatically grant write access to change model records when specific Write roles and Can write criteria are configured.
Users with the admin role bypass change model access restrictions by default and can always modify change model records regardless of Write roles or Can write criteria. When both Write roles and Can write are defined together (E), the system applies AND logic - a user must hold the specified Write role(s) AND match the Can write user criteria, ensuring that access is restricted to only users meeting both requirements simultaneously.
When both Write roles and Can write are defined, the logic is AND not OR - users satisfying only one condition are not granted access; OR logic would apply only if a single condition type is set.
The sn_change_write role grants general change write permissions across change records but does not override the specific access control set by Write roles and Can write criteria on individual change models.
Concept tested: Change model write access control with combined role and user criteria
Source: https://docs.servicenow.com/bundle/washingtondc-it-service-management/page/product/change-management/concept/change-models.html
Topics
Community Discussion
No community discussion yet for this question.