The Now Platform includes the capability to easily configure a specific user or group to access certain tables, but only in a read-only format. This is done through the special snc_read_only role.
Adding this role to a user or group on the instance will cause all users with this role to immediately have read-only access to any tables they could previously modify or otherwise manipulate.
The snc_read_only role provides no additional permissions to the individual or group to whom it is assigned (read or otherwise). This role is normally used together with one or more other roles. This role will simply prevent the user from inserting, modifying, or deleting records in tables that the user currently has access to by virtue of other roles or permissions on the instance.
As an example, suppose we have a user who is a member of the standard itil role. Normally, this user can access and edit a number of different record types in the instance (such as Incident).
However, if the snc_read_only role were added to this user (retaining all the other roles already associated with the user), his view of the same Incident ticket would appear as the following, in which the user could no longer edit the Incident.
If the role is to be added to a user, the following steps can be used.
That user, on the next login, will then have read-only access to any records they can access.
The same procedure can be used to remove the role from a user. In that case, however, the snc_read_only role would be found in the list to the right and double-clicked to remove it from that list.
On the user's next login, they will then have the capability to edit any applicable objects that are provided by other roles.
This role can sometimes be the cause of other issues. A user may report that, while previously they had permissions or rights to edit certain record types, suddenly they no longer can, with the button and menu options no longer appearing and the fields appearing in a read-only format.
One of the first things to check is to ensure that the snc_read_only role has not somehow inadvertently been assigned to that user. If so, and the user should indeed have the rights to edit records, removing the role from the user's profile and having the user log out and back into the instance will correct the issue.