Access Control

Question 1

What are the levels of security ServiceNow provides before an end-user can perform CRUD operations on a table?

Answer 1

User Authentication/Login

Application and Modules access

Database access (tables, records, and fields)

Question 2

What at the 3 security modules typically used by the system administrator?

Answer 2

System Properties > security

System Security > Access control (ACL)

System Security > High Security Settings

Question 3

What is an Access Control?

Answer 3

An access control is a security rule defined to restrict the permissions of a user from viewing and interacting with data.

Question 4

What are SN specific operations on which I can set Access Control rules?

Answer 4

execute: user cannot execute scripts on a record or UI page

edit_ci_relations: user cannot define relationships b/w [cmdb_ci] tables

save_as_template: constrols the field that should be saved when a template is created

report_on: user cannot create reportson the object

personalize_choices; user cannot right-click a choice list field and select Configure Choices

Question 5

Where to navigate to see all the instance’s access control rules?

Answer 5

In the Access Control List (ACL) located in

System Security > Access Control (ACL)

Question 6

What role is required to create or modify access control roles?

Answer 6

security_admin role

Question 7

What does each access rule specify?

Answer 7

1. The Object being secured (i.e. tables, field)
2. The permissions required to access the object:
   - roles
   - conditional expressions
   - scripts
3. The operation (CRUD)

Question 8

What access control rules does the system create by default when a custom table is created?

Answer 8

CRUD (create, read, write, delete)

Question 9

What is the command to view the access controls associated with a table?

Answer 9

1. Filter: table_name.config
2. Select Access Controls tab

Question 10

Which role is created by default when we create an extending custom table

Answer 10

the u_[table]_user role

Question 11

In which order are record access control rules processed?

Answer 11

1. Match the object against table ACL rules (most specific to most general)
2. Match the object against field ACL rules (most specific to most general)

Question 12

What are the Access Control rule types?

Answer 12

table.None: applies to the whole table including all the records in the table

table.field: applies to one specific field on the table

table.* : applies to every field on the table without a table.field rule

Question 13

Where do we navigate to create a role?

Answer 13

System Security > Users and Groups > Roles

Question 14

Where do we navigate to add a role to a group?

Answer 14

System Security > Users and Groups > Groups

Question 15

How can an access control be set for a table components?

Answer 15

The access control can be set on a table record or on a table field

Question 16

What are the 3 ACL rule types?

Answer 16

• table.–None–
• table.field
• table.*

Question 17

How does table.–None– apply on a table?

Answer 17

table.–None– applies to all the records on the table

Question 18

How does table.field apply on a table?

Answer 18

table.field applies to the specified field only (like Caller on the Incident table)

Question 19

How does table.* apply on a table?

Answer 19

table.* applies to every field without a table.field rule

Question 20

How do the 3 access controls override each other?

Answer 20

• table.field overrides table.*
• table.* overrides table.–None–

Question 21

What is ACL best practice?

Answer 21

• When creating a .* rule, create also a .None rule b/c only .None grants access to records
• When creating a rule that mostly grants access, use .None only
• When creating a rule that mostly denies access, use .None and .*