Security Admin role | High Security plugin - Support and Troubleshooting

Security Admin role | High Security plugin Issue The Security Admin role is added by the High Security plugin, which changes the way that ACLs are evaluated in the instance.

Prior to High Security, if an ACL did not exist for a specific table or field, access was granted. This is called Default Allow . After activating High Security, the system switches to Default Deny , meaning if an ACL did not exist for a specific table or field, access is not granted.

Administrators may have configured and designed their security around Default Allow . It is important to review the ACLs to ensure that if a user has access to a table, it is because there is an ACL that grants access.

Resolution If the role is missing because the High Security plugin is not enabled, activating the plugin will resolve the issue. However the High Security plugin must never be activated without first understanding and evaluating the changes it will make to the instance.

Prior to activating the High Security plugin on a production instance, activate the plugin on a sub-production instance and run extensive tests. Switching from Default Allow to Default Deny may cause some users to no longer have access to tables, possibly causing functionalities outage.

Before asking ServiceNow support to add the Security Admin role, check if the High Security plugin is installed, as the dependency should be set.

Related Links Request High Security Settings activation - ServiceNow Product Documentation Instance Hardening and Security Best Practices - ServiceNow Product Documentation