Module 5 Flashcards

1
Q

In what 4 places can access be restricted in ServiceNow?

A

-Application menu
-Modules
-Records
-Fields

2
Q

If a user has access to the ________ module, they can see all tables including those for which they cannot see records.

A

System definition > table module

3
Q

Users can type ________ into the type filter text field in the application navigator to attempt to open the list of records for any table

A

<table_name>.list

4
Q

<table_name>.list usually allows a user to open a list of records for that particular table, but depending on the user's permissions, what 2 things can happen?

A

-The list may not display all the records (number of rows removed from this list by security restraints message)

-The list page is not rendered (security restraints prevent access to request page message)

5
Q

How do you control access to application menus or modules?

A

Through roles

6
Q

Users without an application menu’s role cannot see the menu in the application navigator; users with the role can see what?

A

The menu

7
Q

Where do you set an application menu's or a module's permissions?

A

In Studio, edit roles

8
Q

This role allows users without access to the application menu to access a module for which they are authorized

A

The override application menu roles

9
Q

Access controls can only be created or edited in studio if the user has elevated to which role?

A

security_admin

10
Q

If you have the elevated security_admin role but can’t edit or create access controls, what do you do?

A

Save any application file to update studio’s permissions

11
Q

How many access control rules can be created automatically when adding tables to an application?

A

Four

12
Q

Access to records and fields is denied by default?

A

True

13
Q

The wild card access control rule (.) for the create operation reuses the same permissions as which operation, unless you do what?

A

Write; unless you define an explicit create operation ACL rule

14
Q

Where do you go to see all access controls evaluated for a record?

A

On a list, select configure > security roles

15
Q

Configure the application form or list’s security rules to edit the access controls that apply to the record and to avoid what?

A

Inadvertently editing non-applicable access controls

16
Q

When access controls are created what is automatically populated?

A

The description field

17
Q

This access control rule applies to a table's records; a user must have it to view a table’s list or form.

A

table.none

18
Q

This access control rule applies to every field on a record where there is no field specific ACL?

A

table.*

19
Q

This access control rule applies to only one field on a record

A

table.field

20
Q

What happens if access is denied to a row?

A

No field level rules can grant access

21
Q

If access to a row is allowed but the field is denied what happens?

A

The field is not visible

22
Q

If access to a row is allowed and access to a field is allowed, what happens?

A

The field is visible

23
Q

A field specific ACL excludes all other roles from access to that field (t/f)

A

True

24
Q

table.* ACL gives access to all fields for a table that don’t have a field-specific rule, and excludes users with all other roles (t/f)

A

True

25
Q

To easily exclude fields, what ACL should you use?

A

Table.*

26
Q

To easily include fields, do not use which ACL?

A

table.*

27
Q

A user must pass both _______ and ______ ACL rules to access a record object

A

Table and field

28
Q

Access control rules are usually processed how?

A

From most specific to most general

29
Q

Record ACL rules are processed in what order?

A
  1. Match object against table ACL rules (specific to general)
  2. Match the object to field ACL rules (specific to general)
30
Q

What happens if a user fails a table access control rule but they pass a field control rule?

A

The user is still denied access to all fields in the table

31
Q

If a user passes a table ACL but fails a field ACL rule, what happens?

A

The user can access the table but not the field described by the field ACL rule

32
Q

Are there system created access control rules?

A

Yes

33
Q

If there is a matching access control rule, the system evaluates if the user has the permissions required to access what?

A

The object and operation (roles, conditions, script)

34
Q

If an access control specifies more than one permission, what happens?

A

The user must meet all permissions to gain access to the object and operation

35
Q

Failing one permission check means what?

A

The user is unable to access the matching object and operation

36
Q

Does the first successful ACL evaluation stop ACL rule processing at the field level?

A

Yes

37
Q

When a user passes a field ACL rule, what happens? (What does the system do?)

A

The system stops searching for other matching ACL rules

38
Q

If a user does not meet the permissions of the first matching ACL rule, the system evaluates the permissions of the next matching ACL rule specified by the access control processing order. If the user fails to meet the permissions of any matching access control rule, what happens?

A

The system denies access to the requested object and operation

39
Q

Access control fields are evaluated in the order shown on the access control form. What order is that?

A
  1. Requires role
  2. Condition
  3. Script
40
Q

What do blank fields in access control equal?

A

True

41
Q

What is a very useful GlideRecord method for access control scripting?

A

isNewRecord()

42
Q

Useful GlideSystem user records for access controls?

A

hasRole()
getUserName()
getUserID()

43
Q

What should you avoid using during access control scripting because it can adversely impact performance?

A

GlideRecord queries

44
Q

What is available to help you troubleshoot and debug ACLs?

A

-Field level debugging
-Access ACL rule output messages

45
Q

When ACL debugging is enabled, what appears beside each field with an ACL rule?

A

A small bug icon

46
Q

When ACL debugging, what happens when you select the small bug icon beside a field?

A

The icon lists ACL rules that apply for the field and evaluation results

47
Q

This lets you know what related ACLs exist when you modify one?

A

The ACL configuration watcher

48
Q

Where do you navigate to enable ACL debugging?

A

System security > debugging > debug security rule

49
Q

Debugging is shown in order of evaluation. What is the order of evaluation?

A

Roles, condition, script

50
Q

Debugging color coding. Green with a check mark or blue with a check mark equals?

A

Passed

51
Q

Debugging color coding. Red equals?

A

Failed

52
Q

Debugging color coding. Blue equals

A

Used previously/ cached

53
Q

Debugging color coding. Grey equals

A

Skipped because of an access control higher in the hierarchy

54
Q

It is better to control access through GlideSystem methods that execute server side than through client-side scripting. Why?

A

For better performance and security

55
Q

Server-side scripting API GlideSystem methods are?

A

-getUser()
-getUserDisplayName()
-getUserNameByUserID()
-userID()
-hasRole()

56
Q

Server-side scripting API GlideRecord methods

A

-canRead()
-canCreate()
-canWrite()
-canDelete()

57
Q

How is application access set?

A

On a table by table basis

58
Q

There is runtime application protection against what?

A

Access by scripts
Access through the web services api

59
Q

Application access is applied in addition to what?

A

Access controls

60
Q

The “allow access to this table via web services” option is only selectable if the accessible from option value is what?

A

“All application scopes”

61
Q

Unauthorized script access is prevented at runtime but _____ cause runtime errors. Script logic attempting unauthorized access is _______ and ServiceNow continues to run normally.

A

Does not; skipped

62
Q

When application access is granted to all application scopes, what is the default configuration?

A

All read access only (to all other applications)

63
Q

Does application access apply to scripts executed in the same scope?

A

No

64
Q

Does application access (run time scripting) only apply to business rules?

A

No, applies to all server side script

65
Q

The allow configuration checkbox on the application access tab permits other application scopes to do what?

A

Create artifacts for an application

66
Q

The allow configuration checkbox on the application access tab allows other application scopes to create artifacts for an application. What are 3 examples of those artifacts?

A

-Dictionary entry
-UI action
-Client script

67
Q

Business rules, access controls, and other metadata types can extend out-of-scope tables when this is selected on the application access tab

A

Can read

68
Q

These records are used to track cross scope applications that request access to an application, application resource, or event

A

Restricted caller access

69
Q

Application restricted caller access is activated by which plugin?

A

The scoped application restricted caller access plugin (com.glide.scope.access.restricted_caller)

70
Q

With this restricted caller access option, cross scope calls to the resource are approved or denied based on the value of the accessible from field

A

None

71
Q

With this restricted caller access option, calls to the resource must be manually approved. Access requests are tracked in the restricted caller access table with a status of requested

A

Caller restriction

72
Q

With this restricted caller access option, calls to the resource are automatically approved. Calls are tracked in the restricted caller access table with a status of approved.

A

Caller tracking

73
Q

What role is required to set access to an application?

A

Admin or application admin

74
Q

Safeguard intellectual property by making artifact logic what? (2 things)

A

Read only or not visible

75
Q

Protection policies only apply when applications are what?

A

Installed from the ServiceNow App Store

76
Q

Protection policies do not prevent other developers on the application development instance from viewing or editing application artifacts (t/f)

A

True

77
Q

What two things can (application) protection policies be applied to?

A

-ui actions
-script includes

78
Q

Protection policies are not applied when applications are published and migrated to an instance using what?

A

An update set

79
Q

What are the protection policy options?

A

-none
-read only (not editable)
-protected (not visible)

80
Q

For the instance an application is developed on, should you use access controls or protection policies to restrict users' ability to see and edit artifacts?

A

Access controls