Manage Scripting Governance Tool

  • Release version: Australia
  • Updated April 6, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Manage Scripting Governance Tool

    The Scripting Governance Tool in ServiceNow helps enforce scripting policies and manages user access to scripting capabilities by automatically assigning users to script writer groups. It operates in two states: enabled and disabled. By default, the tool is enabled to ensure governance over scripting activities in your instance.

    Show full answer Show less

    Key Features

    • Enable/Disable Control: Only users with the securityadmin role can enable or disable the Scripting Governance Tool by running specific scheduled scripts in the Scheduled Script Executions module.
    • Governance Enforcement: When enabled, scripting governance policies and ACLs are active. Users are evaluated against scripting access rules and assigned accordingly to Conditional Script Writer groups.
    • Access Management: The tool automatically provisions and manages script writer group memberships, with audit logs available to the securityadmin.
    • Non-disruptive Disable: Disabling the tool deactivates enforcement and user evaluation but preserves existing group memberships without enforcement effect, allowing easy reactivation later without data loss.
    • Scheduled Jobs: Enabling or disabling the tool respectively activates or deactivates scheduled jobs that add or update users in the Conditional Script Writer group.

    How to Enable or Disable Scripting Governance

    To manage the state of the Scripting Governance Tool:

    • Disable: Run the "Disable Scripting Governance" script via All > Scheduled Script Executions. This disables key properties related to scripting role provisioning and governance, stops scheduled jobs, and removes users from the Conditional Script Writer group.
    • Enable: Run the "Enable Scripting Governance" script via All > Scheduled Script Executions. This re-enables the necessary properties and scheduled jobs to resume user provisioning and enforcement of scripting policies.

    Practical Benefits

    ServiceNow customers benefit from centralized control over scripting permissions, improved security compliance, and auditability. The tool ensures that only authorized users gain scripting access and that governance policies are consistently enforced across the instance. The ability to toggle the tool on or off safely provides flexibility during maintenance or troubleshooting.

    Enable or disable the Scripting Governance Tool on your instance by running the appropriate script. Only users with the security_admin role can run these scripts and modify the associated properties.

    Scripting Governance Tool states

    Scripting Governance Tool operates in one of two states. The active state determines whether scripting governance policies are enforced and whether users are provisioned to the Conditional Script Writer group.

    Note:
    • Scripting Governance Tool is enabled by default. You can choose to disable.
    • You must elevate your role to security_admin to enable or disable Scripting Governance Tool.
    Table 1. Scripting Governance Tool states
    States Behavior of Scripting Governance Tool
    Enabled
    • Scripting Governance Tool and all associated ACLs are active on the instance.
    • Users are evaluated against scripting access rules and assigned to the appropriate script writer groups.
    • The security_admin can run scans to identify users with scripting access and manage group membership.
    • Scripting governance policies are enforced across all applicable records and transactions.
    • Audit logs and visibility into scripting access are available to the security admin.
    Disabled
    • Scripting Governance Tool and all associated ACLs are deactivated on the instance.
    • No scripting governance policies are enforced. Users are not evaluated or assigned to script writer groups.
    • Existing group memberships from a prior enabled state are preserved but have no enforcement effect.
    • The Scripting Governance Tool interface remains accessible to the security admin but scanning and access management actions are inactive.
    • Scripting Governance Tool can be re-enabled by the security_admin at any time without data loss.

    Disable scripting governance

    To disable Scripting Governance, navigate All > Scheduled Script Executions (sysauto_script_list.do) and run the Disable Scripting Governance script to deactivate Scripting Governance Tool on your instance.

    Running this script performs the following actions:

    • Disables the glide.security.scripting_role.provisioning_job_running property.
    • Disables the glide.security.scripting_role.auto_provisioning property.
    • Disables the glide.security.scripting_governance.enabled property.
    • Disables the Add Users to Conditional Script Writer Group and Update Users in Conditional Script Writer Group scheduled jobs.
    • Removes all users from the Conditional Script Writer Group through a scheduled job.

    Enable scripting governance

    To enable Scripting Governance, navigate All > Scheduled Script Executions (sysauto_script_list.do) and execute the Enable Scripting Governance script to activate Scripting Governance Tool on your instance.

    Running this script performs the following actions:

    • Enables the glide.security.scripting_role.provisioning_job_running property.
    • Enables the glide.security.scripting_governance.enabled property.
    • Enables the Add Users to Conditional Script Writer Group and Update Users in Conditional Script Writer Group scheduled jobs.
    • Schedules the Add Users to Conditional Script Writer Group job to run.