CSA - ServiceNow System Administrator Users, Groups, and Roles Questions and Answers

Question 1

A user belongs to two groups: 'Service Desk' and 'Change Approvers'. The 'Service Desk' group has the 'itil' role. The 'Change Approvers' group has the 'approver_user' role. Which of the following statements is true regarding the user's permissions?

Accepted Answer

The user can perform actions permitted by both the 'itil' and 'approver_user' roles.

Answer

In ServiceNow, when a user is a member of multiple groups, they inherit the roles from all of those groups. The permissions are cumulative. Therefore, the user will have the capabilities of both the 'itil' role (from the Service Desk group) and the 'approver_user' role (from the Change Approvers group).

Question 2

A ServiceNow administrator needs to grant access to a new custom application. According to ServiceNow best practices, what is the recommended method for assigning roles to a large number of users?

Accepted Answer

Create a new group, assign the application role to the group, and then add users to the group.

Answer

ServiceNow best practice is to assign roles to groups rather than to individual users. This simplifies administration, as you only need to manage group memberships rather than individual role assignments. When a user is added to a group, they automatically inherit all the roles assigned to that group.

Question 3

Which of the following is a key characteristic of a Role in ServiceNow?

Accepted Answer

It controls access to features and capabilities.

Answer

A role in ServiceNow is a record in the `sys_user_role` table that controls access to applications, modules, and other features. Groups are collections of users, and user records are stored in the `sys_user` table. While roles indirectly affect task assignment by granting access, their primary function is access control.

Question 4

An IT manager wants to ensure that only members of the 'Network' group can be assigned network-related incidents. When an incident is categorized as 'Network', the 'Assignment group' field is correctly populated with the 'Network' group. However, the 'Assigned to' field still allows lookup of any ITIL user. What feature ensures the 'Assigned to' field is dependent on the 'Assignment group'?

Accepted Answer

A Reference Qualifier

Answer

A Reference Qualifier is used to filter the records that are returned for a reference field. In this scenario, a dynamic reference qualifier can be configured on the 'Assigned to' field to restrict the selectable users to only those who are members of the group specified in the 'Assignment group' field. This is out-of-the-box functionality for task tables.

Question 5

Where in the ServiceNow platform would a system administrator navigate to create and manage user groups?

Accepted Answer

User Administration > Groups

Answer

User groups are managed within the User Administration application. The specific module is 'Groups', which can be found by navigating to User Administration > Groups in the Application Navigator.

(CSA) ServiceNow System Administrator Certification Practice Test

(CSA) ServiceNow System Administrator Certification Practice Test

CSA - ServiceNow System Administrator Users, Groups, and Roles Questions and Answers