Study Material/CSA/Config
10% of Exam~6 questions

Instance Configuration

This domain covers the administration and configuration of a ServiceNow instance, including system properties, branding, plugins, and core setup tasks that every administrator must know.

System Properties

System Properties control instance-wide behavior and settings. They are key-value pairs stored in the sys_properties table and affect how the platform behaves.

Key System Properties to Know

Important Properties

PropertyPurpose
glide.ui.list.rows_per_pageDefault number of rows displayed in list views
glide.product.descriptionInstance banner/company name displayed in the header
glide.email.smtp.activeEnables/disables outbound email
glide.ui.session.timeoutSession timeout duration
glide.sys.date_formatSystem date format
glide.ui.escape_html_list_fieldHTML sanitization for list fields
📝Exam Tip

System Properties are found under System Properties > All Properties, or by navigating to sys_properties.list. Some properties have dedicated configuration pages under System Properties modules. Properties can be categorized and have types (string, integer, boolean, etc.).

Branding & Theming

ServiceNow allows administrators to customize the look and feel of the instance through branding settings, themes, and UI configurations.

Branding Options

  • Company Name — Set via System Properties. Appears in the banner.
  • Banner Image/Logo — Upload a custom logo for the platform header.
  • Theme — Choose from predefined themes or create custom color schemes.
  • Favicon — Custom browser tab icon.
  • Login Page — Customize the login page background, logo, and text.
  • Next Experience Branding — Separate branding controls for Polaris UI under System Properties > Next Experience Branding.
💡Pro Tip

Branding changes for Next Experience are made in a different location than classic UI branding. Navigate to System Properties > My Company for basic settings, and Now Experience Framework > Themes for advanced theming.

Plugins & Applications

Plugins extend ServiceNow functionality. They are pre-built feature sets that can be activated on an instance to enable new capabilities.

Plugin Concepts

  • Plugins are activated, not installed — they already exist on the instance but are inactive by default.
  • Activation is done via System Definition > Plugins.
  • Some plugins require a license or subscription.
  • Plugin activation may create new tables, modules, roles, and business rules.
  • Once activated, some plugins cannot be deactivated.
  • Demo data can optionally be loaded during activation.
⚠️Warning

Test plugin activation in a sub-production instance first. Some plugins cannot be deactivated and may add significant overhead. Always review plugin dependencies before activating.

AD SPACE

Users, Groups & Roles

User management is fundamental to ServiceNow administration. Users, groups, and roles work together to control access and assignment.

User Record (sys_user)

  • Stores all platform users — employees, customers, external users.
  • Key fields: User ID, Name, Email, Active, Department, Location, Manager.
  • Password and authentication settings.
  • Time zone and language preferences.

Groups (sys_user_group)

  • Collections of users for assignment and notification routing.
  • Groups can contain other groups (nested groups).
  • Key fields: Name, Manager, Email, Type, Members, Roles.
  • Assignment groups route work (incidents, changes) to teams.
  • Approval groups can be used in approval workflows.

Roles (sys_user_role)

  • Define what a user can see and do on the platform.
  • Assigned directly to users or inherited through group membership.
  • Roles are cumulative — a user gets the union of all assigned roles.
  • Key roles: admin, itil, catalog_admin, knowledge_admin, approver_user.
  • The 'admin' role bypasses ALL Access Control Rules (ACLs).
  • Roles can contain other roles (role inheritance/hierarchy).

Key Default Roles

RolePurpose
adminFull access — bypasses all ACLs
itilITSM user — can manage incidents, problems, changes
catalog_adminManage Service Catalog items and categories
knowledge_adminManage Knowledge Bases and articles
approver_userCan approve/reject approval requests
sn_change_writeCreate/modify change requests
🔴Key Concept

Roles are cumulative and inherited. If a user is in Group A (with role itil) and Group B (with role catalog_admin), the user has BOTH roles. The admin role is special — it bypasses all security checks.

SCENARIO

A new IT support analyst needs to create and manage incidents, problems, and changes. They also need to view the CMDB. What is the minimum role they need?

Answer

Assign the 'itil' role. This role provides access to create and manage incident, problem, and change records, and includes read access to the CMDB. It is the standard role for ITSM practitioners.

Impersonation & Delegation

Impersonation allows an admin to temporarily assume another user's identity to troubleshoot issues or test security configurations.

How Impersonation Works

  • Admin navigates to the user menu > Impersonate User.
  • The admin sees exactly what the impersonated user sees — same roles, ACLs, and menus.
  • Actions taken while impersonating are logged under the impersonated user in the system log, but audit logs track the real admin.
  • Impersonation does NOT grant the admin any additional access — it restricts them to the target user's access level.
  • Useful for testing ACLs, UI policies, and verifying user experience.
📝Exam Tip

Impersonation is a testing/debugging tool for admins. The impersonating admin loses their admin access and only has the target user's roles. All actions are auditable. The system property 'glide.ui.impersonate.log' controls impersonation logging.

Key Takeaways

  • System Properties (sys_properties) control instance-wide behavior — learn the key properties by name.
  • Plugins are activated, not installed. Some cannot be deactivated. Always test in sub-production first.
  • Roles are cumulative — a user gets the union of all directly assigned and group-inherited roles.
  • The 'admin' role bypasses ALL ACLs. This is the most powerful role in the system.
  • Impersonation restricts the admin to the target user's access. It does not grant additional permissions.
  • Branding for Next Experience (Polaris) is configured in a different location than classic UI branding.
PlatformCollaboration
AD SPACE

Community-created study aids. Not official ServiceNow exam content.