How to restrict the 'admin' role from having too much accessDescription<!-- div.margin{ padding: 10px 40px 40px 30px; } table.tocTable{ border: 1px solid; border-color:#E0E0E0; background-color: rgb(245, 245, 245); padding-top: .6em; padding-bottom: .6em; padding-left: .9em; padding-right: .6em; } table.noteTable{ border:1px solid; border-color:#E0E0E0; background-color: rgb(245, 245, 245); width: 100%; border-spacing:2; } table.internaltable { white-space:nowrap; text-align:left; border-width: 1px; border-collapse: collapse; font-size:14px; width: 85%; } table.internaltable th { border-width: 1px; padding: 5px; border-style: solid; border-color: rgb(245, 245, 245); background-color: rgb(245, 245, 245); } table.internaltable td { border-width: 1px; padding: 5px; border-style: solid; border-color: #E0E0E0; color: #000000; } .title { color: #D1232B; font-weight:normal; font-size:28px; } h1{ color: #D1232B; font-weight:normal; font-size:21px; margin-bottom:-5px } h2{ color: #646464; font-weight:bold; font-size:18px; } h3{ color: #000000; font-weight:BOLD; font-size:16px; text-decoration:underline; } h4{ color: #646464; font-weight:BOLD; font-size:15px; text-decoration:; } h5{ color: #000000; font-weight:BOLD; font-size:13px; text-decoration:; } h6{ color: #000000; font-weight:BOLD; font-size:14px; text-decoration:; } ul{ list-style: disc outside none; margin-left: 0; } li { padding-left: 1em; } --> The base system 'admin' role is very unique and should be considered as the all-inclusive user role since it passes all user role requirements. Essentially the 'admin' role contains almost all other roles, besides "security_admin" and "maint". If an ACL requires a specific role, the admin user will pass that ACL regardless if the Admin Overrides checkbox is not selected. Additionally, if there are any other scripts that require a role, the 'admin' role will always pass access. From our product documentation, you can see the following information in the role description- "The administrator role. This role has special access to all system features, functions, and data because administrators can override ACL rules and pass all role checks. Consider these implications when using admin overrides on ACLs." -https://docs.servicenow.com/csh?topicname=r_BaseSystemRoles.html&version=latest Release or EnvironmentAll versionsResolutionIf there is important data (such as HR information) that should not be modified or seen by the 'admin' role, additional steps need to be taken to prevent admin users from having too much access. If the role requirement is removed on an ACL and the Admin Overrides checkbox is unchecked, a scripted role check to ensure users do not have the admin role will keep the admin user from having too much access. Here is an example of a simple script to add to an ACL: if (gs.hasRole('hr_admin') && !gs.hasRole('admin')) { answer = true; } else { answer = false; }