How to configure a user account to have roles automatically removed after a set timeSummary<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: #000000; } span { font-size: 12pt; font-family: Lato; color: #000000; } h2 { font-size: 24pt; font-family: Lato; color: black; } h3 { font-size: 18pt; font-family: Lato; color: black; } h4 { font-size: 14pt; font-family: Lato; color: black; } a { font-size: 12pt; font-family: Lato; color: #00718F; } a:hover { font-size: 12pt; color: #024F69; } a:target { font-size: 12pt; color: #032D42; } a:visited { font-size: 12pt; color: #00718f; } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } In previous versions of the ServiceNow Platform, in order to configure an account to have roles that were automatically removed after a certain day/time, this functionality had to be created through the use of customized scripts and similar objects. However, starting with the Washington DC Release and newer, the system now features the creation and use of Time-Limited User Roles. Release<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: #000000; } span { font-size: 12pt; font-family: Lato; color: #000000; } h2 { font-size: 24pt; font-family: Lato; color: black; } h3 { font-size: 18pt; font-family: Lato; color: black; } h4 { font-size: 14pt; font-family: Lato; color: black; } a { font-size: 12pt; font-family: Lato; color: #00718F; } a:hover { font-size: 12pt; color: #024F69; } a:target { font-size: 12pt; color: #032D42; } a:visited { font-size: 12pt; color: #00718f; } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } This functionality was introduced with the Washington DC release and is and will be included in each release version thereafter. Instructions<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: #000000; } span { font-size: 12pt; font-family: Lato; color: #000000; } h2 { font-size: 24pt; font-family: Lato; color: black; } h3 { font-size: 18pt; font-family: Lato; color: black; } h4 { font-size: 14pt; font-family: Lato; color: black; } a { font-size: 12pt; font-family: Lato; color: #00718F; } a:hover { font-size: 12pt; color: #024F69; } a:target { font-size: 12pt; color: #032D42; } a:visited { font-size: 12pt; color: #00718f; } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } There are many scenarios in which an administrator may want to have a specific account configured with roles that will automatically be removed after a set day or time. Previous to some of the recent releases this had to be done using a potentially complex combination of customized objects on an instance. However, with more recent releases (starting with the Washington DC release and continuing to the most up-to-date, current release) this capability is now included out-of-box with any instance. To thus create such a mechanism on the instance, follow these steps: Ensure to be logged into the instance with an account having admin rights to the instance. Once logged onto the instance, from the Menu Navigator, browse to location: User Administration -> Time-Limited User Roles. To create a new such role/user association, click the New button. Fill out the fields on the form as follows: Active: true (selected or checked) Role: This should be the role rom the selector, that you want to assign to a user on a temporary basis. It should be noted that only a specific selection of roles are available to be assigned on a temporary basis, out-of-box on an unmodified instance this would be the "admin", "snc_read_only" and "impersonator" roles. User: This should be the specific user that you want to have this role for this limited time. This is selected from a record picker control. Start Time: This should be the day and time (entered in your local timezone) that you want this role and user mapping to start. End Time: This field should be set to the day and time on which you want this user to no longer have access to the specified role. You will probably also want to add appropriate "Comments" detailing the purpose of providing this specific user with the selected role. Once the fields in the new record form are filled out as needed, click the Submit button to save the record. There are a few things to be aware of regarding these temporary user to role mappings: The role will not show for the user in his standard roles view. The role will also not show in the normal list of user role mappings.If the assigned role requires or consumes a license, this temporary assignment will thus also require such a license.The roles thus allowed to be assigned in this way can expanded from the three out-of-box roles that are allowed. This can be configured by thus creating the System Property with the name "glide.security.timelimited.roles.allowed_roles" and setting the Value of this System Property to a comma delimited list of roles that are allowed to thus be temporarily assigned using this form and mechanism.