Write roles on a catalog item variable are not applied when creating a new request

Issue

If a catalog item contains a variable with specific write roles, users without the specified roles are still able to write to the variable when submitting the catalog item.

Release

Service Catalog

Cause

This is expected platform behavior. The read/write roles only apply to the variables in the variable editor after the item has been requested. This is mentioned in the product documentation linked below.

https://docs.servicenow.com/bundle/newyork-it-service-management/page/product/service-catalog-management/task/t_CreateAVariableForACatalogItem.html

"Roles that can edit the variable in the variable editor after requesting the catalog item or record producer. If a user does not have the roles specified in this field, the variable is read-only in the variable editor."

Resolution

You can make the variable read only on the submission form by using a UI Policy or client script to check the user's roles. You can then make the field read only based on the results.

Related Links

https://docs.servicenow.com/bundle/newyork-it-service-management/page/product/service-catalog-management/task/t_CreateAVariableForACatalogItem.html
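
The client script approach described under Resolution, as an added example that is not part of the original article or the product's own code: an onLoad Catalog Client Script that checks the user's roles and makes restricted variables read only on the submission form. The variable names, the role assignments in WRITE_ROLES and the helper lockRestrictedVariables are hypothetical; g_user.hasRole() and g_form.setReadOnly() are the platform's client-side APIs.

```javascript
// Catalog Client Script, Type: onLoad, applied to the catalog item.
// Variable names and role assignments below are hypothetical placeholders:
// each key is a variable name, each value the list of roles allowed to write to it.
var WRITE_ROLES = {
  cost_center: ['catalog_admin'],
  approval_override: ['itil', 'catalog_admin']
};

// Makes each listed variable read only unless the user holds at least one
// of its write roles. Returns the names of the variables that were locked.
function lockRestrictedVariables(user, form, writeRoles) {
  var locked = [];
  Object.keys(writeRoles).forEach(function (name) {
    var allowed = writeRoles[name].some(function (role) {
      // g_user.hasRole() also returns true for users with the admin role.
      return user.hasRole(role);
    });
    if (!allowed) {
      form.setReadOnly(name, true);
      locked.push(name);
    }
  });
  return locked;
}

function onLoad() {
  // g_user and g_form are the client-side globals supplied by the platform.
  lockRestrictedVariables(g_user, g_form, WRITE_ROLES);
}
```

This only changes how the form behaves in the browser; where the value must not be set by users without the role, also validate the submitted value server-side.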