Users with no role can delete approval recordsIssue <!-- div.margin { padding: 10px 40px 40px 30px; } table.tocTable { border: 1px solid; border-color: #e0e0e0; background-color: #fff; } .title { color: #d1232b; font-weight: normal; font-size: 28px; } h1 { color: #d1232b; font-weight: normal; font-size: 21px; margin-bottom: 5px; border-bottom-width: 2px; border-bottom-style: solid; border-bottom-color: #cccccc; } h2 { color: #646464; font-weight: bold; font-size: 18px; } h3 { color: #000000; font-weight: bold; font-size: 16px; } h4 { color: #666666; font-weight: bold; font-size: 15px; } h5 { color: #000000; font-weight: bold; font-size: 13px; } h6 { color: #000000; font-weight: bold; font-size:14px; } ul, ol { margin-left: 0; list-style-position: outside; } --> Overview Users without any role given to them can see the Delete UI action and can delete approval records. This is even without an ITIL or an admin role Approval Records By default, an individual approval record can be deleted by a user with roles approval_admin, itil, catalog, OR if the approval record is for the user This is due to the out-of-box (OOB) ACL delete https://instance-name.service-now.com/nav_to.do?uri=sys_security_acl.do?sys_id=80d53ebec0a801663cf834370c8376d3 A group approval record on the other hand can also be deleted by a user with roles approval_admin, itil, catalog