
Understanding Access Control Concepts in ServiceNow

In ServiceNow, access control lists (ACLs) are central to security: they ensure that only the intended people can reach specific information. ServiceNow ACLs let admins and developers build secure, scalable systems.

What is Access Control? 

Access control lists in ServiceNow define who can access what data and which actions can be performed on it. ACL rules are stored in the sys_security_acl table, and the platform enforces them on every access.

ACLs determine which roles or users have permission to read, write, create, or delete records in tables or fields, and so govern who can modify what on the platform.

Types of Permissions

An ACL rule grants permissions based on specific criteria. Each rule is made up of four components: 

  • Object Type: Mandatory. Specifies what is protected, such as a table, a record, or a field. 
  • Operations: Mandatory. The action the rule controls: read, write, create, or delete. 
  • Condition: Optional. Defines when the ACL applies, based on values in the record. 
  • Script: Optional. Server-side script used for advanced logic. 

What are the Levels of Access in ServiceNow? 

ServiceNow applies ACLs in a hierarchy that governs access to records and fields. When a user attempts an operation, the platform evaluates the ACL rules that apply to that specific operation. There are three major levels of access in ServiceNow: 

Table-Level Access

Table-level access controls actions across the entire table. It is applied using the “Table.None” object. The major permissions at table level are: 

  • Create: Provides users with access to add new records to the table. 
  • Read: It helps determine what records a user can view. 
  • Write: It allows users to modify the records in a table. 
  • Delete: It allows users to permanently delete a specific record from the table. 

Field-Level Access

Field-level access controls access to a specific field on a table. It is applied using “Table.*” (all fields of the table) and “Table.{FieldName}” (one named field). Three types of permissions are available: 

  • Read: Provides visibility to specific fields or records. 
  • Write: Controls what can be modified in a specific field by a user. 
  • Create: Determines whether a user can set values in specific fields when creating a record. 

Global-Level Access

Global-level access applies to all tables and records in a ServiceNow instance. It helps in creating default permissions for the platform. 

Security Modules

Security modules (security attributes) are predefined or custom pieces of logic that verify the security context of a user's session. 

Where a standard condition checks values on the record, a security attribute checks the user session. 

These conditions are evaluated in real time against the record's current values. 

ACL Rule Types

In ServiceNow, there are three types of ACL rules, distinguished by the evaluation method or logic they use: 

  • Role-Based ACL: The initial evaluation criterion; it checks whether the user holds the roles required for access. 
  • Conditional ACL: Uses conditions, such as field values or Boolean checks, to allow or deny access. 
  • Scripted ACL: Uses a server-side script to decide access and can combine roles and conditions. If the script returns true, access is granted; if it returns false, access is denied. 
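The following is an added illustration, not ServiceNow platform code: a small JavaScript model of how the four ACL components (roles, condition, script) and the table and field levels described above combine into an access decision. The `gs` stand-in, the rule shape, the sample users and the incident records are all constructed for the example; the order in which Table.field and Table.* rules are consulted is an assumption of this model.

```javascript
// Stand-in for the server-side `gs` object; only the calls the rules use.
function makeGs(user) {
  return {
    // gs.hasRole() is also satisfied by the admin role
    hasRole: (role) => user.roles.includes(role) || user.roles.includes('admin'),
    getUserID: () => user.sys_id,
  };
}

// A rule carries the four components from the page: object (Table.None,
// Table.* or Table.field), operation, optional roles, condition and script.
// The rule passes only when every component it defines passes.
function rulePasses(rule, user, current) {
  const gs = makeGs(user);
  if (rule.roles && !rule.roles.some((r) => gs.hasRole(r))) return false; // role-based
  if (rule.condition && !rule.condition(current)) return false; // conditional
  if (rule.script && rule.script(current, gs) !== true) return false; // scripted
  return true;
}

// Among the rules matching one object and operation, passing any one is enough.
function anyRulePasses(rules, object, operation, user, current) {
  const matching = rules.filter((r) => r.object === object && r.operation === operation);
  return matching.some((r) => rulePasses(r, user, current));
}

// Field access requires passing the table-level rule (Table.None) and then a
// field-level rule. Assumption of this model: an explicit Table.field rule is
// consulted when one exists, otherwise the Table.* wildcard rule.
function canAccessField(rules, table, field, operation, user, current) {
  if (!anyRulePasses(rules, `${table}.None`, operation, user, current)) return false;
  const hasSpecific = rules.some((r) => r.object === `${table}.${field}` && r.operation === operation);
  const object = hasSpecific ? `${table}.${field}` : `${table}.*`;
  return anyRulePasses(rules, object, operation, user, current);
}

// Constructed sample rules, users and records for an incident table.
const sampleRules = [
  { object: 'incident.None', operation: 'write', roles: ['itil'],
    condition: (current) => current.state !== 'closed' },
  { object: 'incident.*', operation: 'write', roles: ['itil'] },
  // Scripted rule: only the assignee or an admin may change the priority.
  { object: 'incident.priority', operation: 'write', roles: ['itil'],
    script: (current, gs) => gs.hasRole('admin') || current.assigned_to === gs.getUserID() },
];
const alice = { sys_id: 'u1', roles: ['itil'] }, bob = { sys_id: 'u2', roles: ['itil'] };
const openIncident = { state: 'in_progress', assigned_to: 'u1' };
const closedIncident = { state: 'closed', assigned_to: 'u1' };
```

Note that bob, who holds the itil role, can write most fields of the open incident but not its priority, because the scripted field-level rule denies him; neither user can write anything on the closed incident, because the table-level condition fails before any field-level rule is consulted.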

What’s Next? 

In the next topic, we will focus on ACL operations and how ACLs are created in different ways. 
