Experiencing challenges with ServiceNow support?

Access professional, reliable assistance tailored to your needs—without breaking your budget.

Search

ServiceNow gs.getUser().hasRole('anytext') Always Returns True – Understanding the Issue and Solutions

ericpark68
Mar 17
2 min read

Updated: Mar 28

The hasRole() function in ServiceNow is a common tool used by developers and administrators to verify user roles within scripts and UI policies. However, you might encounter a scenario where gs.getUser().hasRole('anytext') consistently returns true.

This article explains why this occurs and provides effective solutions to correctly verify user roles.

Understanding the Issue

In ServiceNow, the gs.getUser().hasRole('role') function returns true if the current user has the specified role. However, a significant exception occurs if the user possesses the admin role. Admin users inherently pass all role checks, causing the function to always return true, regardless of whether the role actually exists or is assigned to the admin user.

This behavior is intentional within ServiceNow’s security model, ensuring administrators have unrestricted access for management and troubleshooting. Nonetheless, this can lead to confusion during development or testing.

Troubleshooting & Solutions

To troubleshoot:

Test with Non-Admin Users: Confirm role checks by impersonating non-admin users. If results differ, the admin role is the cause.
Verify Role Existence: Double-check role spelling and existence in the ServiceNow roles (sys_user_role) table.

Alternative Solutions:

hasRoleExactly(): Use this client-side function (g_user.hasRoleExactly('role')) for precise checks. On server-side, availability may vary by ServiceNow version.
Custom Role Verification Script:

function userHasRoleExactly(userId, roleName) {
    var gr = new GlideRecord('sys_user_has_role');
    gr.addQuery('user', userId);
    gr.addQuery('role.name', roleName);
    gr.query();
    return gr.hasNext();
}

Session Role Check:

function hasRoleExactly(roleName) {
    var rolesList = (gs.getSession().getRoles() + '').split(',');
    return new ArrayUtil().contains(rolesList, roleName);
}

Best Practices

Use exact role verification for security-sensitive features.
Test role checks thoroughly with varied user permissions.
Document your scripts clearly to inform future developers about the rationale behind custom checks.

Conclusion

Understanding the admin override behavior in the hasRole() function is crucial.

Use the provided solutions to accurately validate roles, ensuring your ServiceNow applications remain secure, maintainable, and functional.