Latest Zurich Change to ServiceNow's Scripting Governance Tool

April 22, 2026
This is some text inside of a div block.
minute read

The ServiceNow Scripting Governance Tool was introduced to help organizations regain visibility and control over custom scripts that can affect security, stability, and platform performance. If you recently upgraded to the Zurich release, you may have noticed new controls around how scripts are created and executed in ServiceNow.  

In this guide, you will learn what the tool does, why it matters after the Zurich upgrade, and how it helps you keep your ServiceNow environment secure and well governed.

What is the ServiceNow Scripting Governance Tool?

The ServiceNow Scripting Governance Tool is a pivotal feature introduced in the Zurich upgrade to enhance security and governance around scripting activities within your ServiceNow platform. Unlike previous releases where admin roles inherently included scripting rights, Zurich decouples these privileges to reduce risks associated with unrestricted script access.

Scripting on ServiceNow can profoundly impact your platform’s stability, security, and compliance posture. The scripting governance tool provides a centralized way to manage who can write and edit scripts, introducing a more granular security model by leveraging the new role “snc_required_script_writer_permission” assigned via the Conditional Script Writer group.

This separation means admins no longer have automatic scripting rights. Instead, explicit permissions improve control and reduce the chances of unauthorized or accidental script changes that could disrupt critical workflows or introduce vulnerabilities.

Why Did My Admins Lose Scripting Rights After the Zurich Upgrade?

Previously, administrators enjoyed broad scripting capabilities by virtue of their admin role. The Zurich release changed this by introducing a stricter governance framework designed to enforce principle-of-least-privilege access.

During the upgrade, ServiceNow automatically added users who had scripting access to the Conditional Script Writer group to maintain continuity. However, the default setting includes many more users than necessary, especially since the tool assumes a broad rights model initially. Hence, admins without the specific scripting role cannot edit or create scripts even though they retain their admin privileges.

This change is a deliberate move toward stronger platform security and better compliance with governance policies. Scripting rights are now a distinct permission to ensure that only approved, knowledgeable users can write or modify scripts, reducing the possibility of technical debt, misconfiguration, or security risks.

What Is the Conditional Script Writer Group and How Does Auto-Provisioning Work?

The Conditional Script Writer group is the key to controlling scripting access on your platform. Members gain the special role allowing script creation and modification: “snc_required_script_writer_permission”.

By default, the Zurich upgrade runs a one-time provisioning job that adds all eligible users (those with at least one other platform role) into this group to prevent any immediate loss of scripting capability.

After this initial provisioning, an ongoing scheduled job controls auto-provisioning of new users based on system property settings, specifically, the “glide.security.scripting_role.auto_provisioning” property.

  • When set to true (default), the system automatically adds new eligible users to the group.
  • When set to false, auto-provisioning is disabled, and you must manually assign scripting rights to users.

It’s important to note that disabling auto-provisioning cannot be reverted via the UI. To re-enable, you must run a special script in the background.

How to Manage Scripting Governance Permissions

Simply relying on auto-assignment can lead to over-provisioning, which defeats governance goals. To maintain tight controls and ensure security, consider the following practical approach:

Step 1: Define Your Scripting Policy

Establish clear business criteria about who should have scripting permissions. Typical categories include:

  • Core platform developers
  • Approved citizen developers in no-code/low-code initiatives - be sure to understand ServiceNow citizen developer governance
  • Specialists handling integrations or complex workflow customizations

Use the "Scan for users who have scripted" feature from the governance tool to identify active script writers, comparing this data against your policy.

Step 2: Implement Policy Through Groups and Roles

Create or designate groups that align with your policy. Assign the scripting role only to these groups rather than relying on the default Conditional Script Writer group.

Remove unnecessary users from the Conditional Script Writer group and stop the auto-provisioning job if you want full manual control.

Step 3: Monitor and Audit Regularly

Governance is ongoing. Regularly scan scripting activity and review group membership to remove inactive or unauthorized users. This disciplined oversight safeguards your environment from accidental or malicious code changes.

What Are the Challenges with the Scripting Governance Tool?

One significant challenge is that the scripting governance role controls access to all script-like fields, including HTML fields used for knowledge base articles or problem annotations. This means that users without scripting permission might face unexpected restrictions on routine tasks involving HTML fields.

While this restriction bolsters security, it does raise practical concerns for common use cases, such as editing KB articles by standard itil users. Organizations often must balance tight security controls with business usability, sometimes necessitating granting the scripting permission more broadly if those users need to edit HTML content.

Additionally, managing the group and role assignments separately from other admin or ITIL roles can add administrative complexity. Some organizations opt to embed the scripting role in parent roles, such as admin, to streamline management, though this reduces granularity.

How Does the Scripting Governance Tool Improve Compliance?

The Scripting Governance Tool improves compliance by separating scripting permissions from general administrative access, helping organizations enforce stronger governance controls. By limiting script creation and execution to authorized, trained users, the platform supports the principle of least privilege and reduces the risk of unsafe changes.

This approach also strengthens accountability because scripting activity can be monitored and audited more clearly. Governance teams gain better visibility into who is creating or modifying scripts, which supports internal controls and regulatory reporting.

Ultimately, the tool helps modern enterprises maintain a secure, well-controlled ServiceNow governance platform environment that supports compliance mandates and reduces operational risk.

How Can You Restore Scripting Rights Post-Zurich Upgrade?

To restore scripting rights for admins or other users:

  1. Add them to the appropriate group with the “snc_required_script_writer_permission” role. Either the default Conditional Script Writer group or a custom group per your policy.
  2. Alternatively, assign the scripting role directly if suitable.
  3. Use the Scripting Governance dashboard to monitor user scripting activity and manage permissions proactively.
  4. Optionally, disable auto-provisioning if you prefer manual control over scripting permissions.

Best Practices for Using the Scripting Governance Tool

To use the Scripting Governance Tool effectively, organizations should avoid relying on the default broad auto assignment settings and instead tailor scripting groups to match their specific platform structure and governance model. Defining clear roles is also important, particularly separating platform administration responsibilities from scripting permissions to maintain proper oversight and control.

Access to scripting capabilities should be reviewed regularly to ensure it still reflects current roles and responsibilities. Removing access for inactive users or those who have changed positions helps reduce unnecessary risk and keeps permissions aligned with governance policies.

It is also important to consider how restrictions on HTML and script-like fields may affect end users. Some workflows or forms may require remediation or carefully managed exceptions to maintain functionality while still enforcing governance standards.

Finally, platform owners, administrators, and governance teams should be trained on how the tool works and how it fits into the broader security model. When teams understand the controls and processes in place, it becomes much easier to maintain compliance and reduce scripting related risks.

Strengthen ServiceNow Governance Without Slowing Innovation

The shift in the Scripting Governance Tool post-Zurich reflects a maturing approach to enterprise platform security. It’s not about limiting innovation but enabling it safely through structured permissioning.

You can regain control and confidence in your platform’s evolution by adopting these governance best practices. Our team at XType is here to help you implement effective ServiceNow platform governance frameworks, manage technical debt, and ensure upgrade readiness. With the right tooling and policies, you’ll reduce risk without impeding your teams’ ability to innovate and deliver value.

Reach out to us to explore how XType can support your ServiceNow governance journey and keep your platform secure, scalable, and future-ready.

Get the free ebook
Discover how to deliver built-in governance for ServiceNow.
Get the eBook
Instant Demo
Check out how xtype provides the ability to meet ANY level of demand from the business on the ServiceNow platform.
Access Demo
News
Your one-stop destination for the latest and greatest happenings at xtype.
See the News

Related Articles

ServiceNow Data Governance, Management, and Ownership
This guide explores ServiceNow data governance, addressing key challenges and governance structures that empower platform owners and governance teams to safeguard their ServiceNow investment.
Read more
A Complete Guide on Efficient ServiceNow CMDB Governance
CMDB governance is vital for managing an IT environment. Here are some ways XType uses ServiceNow CMDB governance to support your platform stability.
Read more
Transform ServiceNow Audit Trails from Hope to a Guaranteed Record of Integrity
Mutable audit trails risk compliance nightmares. xtype delivers immutable records that survive clones & prove integrity for SOX, FDA, HIPAA & more on the ServiceNow AI Platform. Guarantee audit confidence.
Read more

Let’s talk

Discover how to move fast and stay in control with xtype’s Governance Platform for ServiceNow