Access Control Flashcards
What are the levels of security ServiceNow provides before an end-user can perform CRUD operations on a table?
User Authentication/Login
Application and Modules access
Database access (tables, records, and fields)
What are the 3 security modules typically used by the system administrator?
System Properties > security
System Security > Access control (ACL)
System Security > High Security Settings
What is an Access Control?
An access control is a security rule defined to restrict the permissions of a user from viewing and interacting with data.
What are SN specific operations on which I can set Access Control rules?
execute: user cannot execute scripts on a record or UI page
edit_ci_relations: user cannot define relationships b/w [cmdb_ci] tables
save_as_template: controls the field that should be saved when a template is created
report_on: user cannot create reports on the object
personalize_choices: user cannot right-click a choice list field and select Configure Choices
Where to navigate to see all the instance’s access control rules?
In the Access Control List (ACL) located in
System Security > Access Control (ACL)
What role is required to create or modify access control roles?
security_admin role
What does each access rule specify?
- The object being secured (i.e. tables, fields)
- The permissions required to access the object:
  - roles
  - conditional expressions
  - scripts
- The operation (CRUD)
What access control rules does the system create by default when a custom table is created?
CRUD (create, read, write, delete)
What is the command to view the access controls associated with a table?
- Filter: table_name.config
- Select Access Controls tab
Which role is created by default when we create an extending custom table?
the u_[table]_user role
In which order are record access control rules processed?
- Match the object against table ACL rules (most specific to most general)
- Match the object against field ACL rules (most specific to most general)
What are the Access Control rule types?
table.None: applies to the whole table including all the records in the table
table.field: applies to one specific field on the table
table.* : applies to every field on the table without a table.field rule
Where do we navigate to create a role?
System Security > Users and Groups > Roles
Where do we navigate to add a role to a group?
System Security > Users and Groups > Groups
How can an access control be set for a table's components?
The access control can be set on a table record or on a table field
What are the 3 ACL rule types?
- table.–None–
- table.field
- table.*
How does table.–None– apply on a table?
table.–None– applies to all the records on the table
How does table.field apply on a table?
table.field applies to the specified field only (like Caller on the Incident table)
How does table.* apply on a table?
table.* applies to every field without a table.field rule
How do the 3 access controls override each other?
- table.field overrides table.*
- table.* overrides table.–None–
What is ACL best practice?
- When creating a .* rule, create also a .None rule b/c only .None grants access to records
- When creating a rule that mostly grants access, use .None only
- When creating a rule that mostly denies access, use .None and .*