Module 5

Question 1

What 4 places can access be restricted in service now?

Answer 1

-Application menu
-Modules
-Records
-Fields

Question 2

If a user has access to the ________ module, they can see all tables including those for which they cannot see records.

Answer 2

System definition> table module

Question 3

Users can type ________ into the type filter text field in the application navigator to attempt to open the list of records for any table

Answer 3

<table_name>.list
</table_name>

Question 4

<table_name>.list usually allows a user to open a list of records for that particular table but depending on the users permissions what 2 things can happen?
</table_name>

Answer 4

-The list may not display all the records (number of rows removed from this list by security restraints message)

-The list page is not rendered (security restraints prevent access to request page message)

Question 5

How do you control access to application menus or modules?

Answer 5

Through roles

Question 6

Users without an application menu’s role cannot see the menu in the application navigator, users with the role can see what?

Answer 6

The menu

Question 7

Where do you set an application menus or a modules permissions?

Answer 7

In studio , edit roles

Question 8

This role allows users without access to the application menu to access a module for which they are authorized

Answer 8

The override application menu roles

Question 9

Access controls can only be created or edited in studio if the user has elevated to which role?

Answer 9

security_admin

Question 10

If you have the elevated security_admin role but can’t edit or create access controls, what do you do?

Answer 10

Save any application file to update studio’s permissions

Question 11

How many access control rules can be created automatically when adding tables to an application

Answer 11

Four

Question 12

Access to records and fields is denied by default?

Answer 12

True

Question 13

The wild card access control rule (.) for the create operation reuses the same permissions as which operation, unless you do what?

Answer 13

Write ; unless you define an explicit create operation ACL rule

Question 14

Where do you go to see all access controls evaluated on for a record?

Answer 14

On a list select configure> security roles

Question 15

Configure the application form or list’s security rules to edit the access controls that apply to the record and to avoid what?

Answer 15

Inadvertently editing non-applicable access controls

Question 16

When access controls are created what is automatically populated?

Answer 16

The description field

Question 17

This access control rule applies to a tables records; must have to view a table’s list or form.

Answer 17

table.none

Question 18

This access control rule applies to every field on a record where there is no field specific ACL?

Answer 18

table.*

Question 19

This access control rule applies to only one field on a record

Answer 19

table.field

Question 20

What happens if access is denied to a row?

Answer 20

No field level rules can grant access

Question 21

If access to a row is allowed but the field is denied what happens?

Answer 21

The field is not visible

Question 22

If access to a row is allowed and access to a field is allowed, what happens?

Answer 22

The field is visible

Question 23

A field specific ACL excludes all other roles from access to that field (t/f)

Answer 23

True

Question 24

table.* ACL gives access to all fields for a table that don’t have a field-specific rule, and excludes users with all other roles (t/f)

Answer 24

True

Question 25

To easily exclude fields, what ACL should you use?

Answer 25

Table.*

Question 26

To easily include fields, do not use which ACL?

Answer 26

table.*

Question 27

A user must pass both _______ and ______ ACL rules to access a record object

Answer 27

Table and field

Question 28

Access control rules are usually processed how?

Answer 28

From most specific to most general

Question 29

Record ACL rules are processed in what order?

Answer 29

1. Match object against table ACL rules (specific to general) 2. Match the object to field ACL rules (specific to general)

Question 30

What happens if a user fails a table access control rule but the pass a field control rule?

Answer 30

The user is still denied access to all fields in the table

Question 31

If a user passes a table ACL but fails a field ACL rule, what happens?

Answer 31

The user can access the table but not the field described by the field ACL rule

Question 32

Are there system created access control rules?

Answer 32

Yes

Question 33

If there is a matching access control rule, the system evaluates if the user has the permissions required to access what?

Answer 33

The object and operation (roles, conditions, script)

Question 34

If an access control specifies more than one permission, what happens?

Answer 34

The user must meet all permissions to gain access to the object and operation

Question 35

Failing on permission check means what?

Answer 35

The user is unable to access the matching object and operation

Question 36

Does the first successful ACL evaluation stop ACL rule processing at the field level?

Answer 36

Yes

Question 37

When a user passes a field ACL rule, what happens? (What does the system do?)

Answer 37

The system stops searching for other matching ACL rules

Question 38

If a user does not meet the permissions of the first matching ACL rule, the system evaluates the permissions of the next matching ACL rule specified by the access control processing order. If the user fails to meet the permissions of any matching access control rule, what happens?

Answer 38

The system denies access to the requested object and operation

Question 39

Access control fields are evaluated in the order shown on the access control form. What order is that?

Answer 39

1. Requires role 2. Condition 3. Script

Question 40

What do blank fields in access control equal?

Answer 40

True

Question 41

What is a very useful GlideRecord method for access control scripting?

Answer 41

isNewRecord()

Question 42

Useful Glidesystem user records for access controls?

Answer 42

hasRole() getUserName getUserID

Question 43

What method should you avoid using during access control scripting because they can adversely impact performance?

Answer 43

gliderecord queries

Question 44

What is available to help you troubleshoot and debug ACLs?

Answer 44

-Field level debugging -Access ACL rule output messages

Question 45

When ACL debugging is enabled, what appears beside each field with an ACL rule?

Answer 45

A small bug icon

Question 46

When ACL debugging, what happens when you select the small bug icon beside a field?

Answer 46

The icon lists ACL rules that apply for the field and evaluation results

Question 47

This lets you know what related ACLs exists when you modify one?

Answer 47

The ACL configuration watcher

Question 48

Where do you navigate to enable ACL debugging?

Answer 48

System security> debugging> debug security rule

Question 49

Debugging is show in order of evaluation. What is the order of evaluation?

Answer 49

Roles, condition, script

Question 50

Debugging color coding. Green with a check mark or blue with a check mark equals?

Answer 50

Passed

Question 51

Debugging color coding. Red equals?

Answer 51

Failed

Question 52

Debugging color coding. Blue equals

Answer 52

Used previously/ cached

Question 53

Debugging color coding. Grey equals

Answer 53

Skipped because of a access control higher in the hierarchy

Question 54

It is better to control access through glideSystem methods that execute server side than client side scripting, why?

Answer 54

For better performance and security

Question 55

Server-side scripting API glideSystem methods are?

Answer 55

-getUser() -getUserDisplayName() -getUserNameByUserID() -userID() -hasRole()

Question 56

Server-side scripting API glideRecord methods

Answer 56

-canRead() -canCreate() -canWrite() -canDelete()

Question 57

How is application access set?

Answer 57

On a table by table basis

Question 58

There is runtime application protection against what?

Answer 58

Access by scripts Access through the web services api

Question 59

Application access is applied in addition to what?

Answer 59

Access controls

Question 60

The “allow access to this table via web services” option is only selectable if the accessible from option value is what?

Answer 60

“All application scopes”

Question 61

Unauthorized script access is prevented at runtime but _____ cause run time errors. Script logic attempting unauthorized access is _______ and servicenow continues to run normally.

Answer 61

Does not; skipped

Question 62

When application access is granted to all application scopes, what is the default configuration?

Answer 62

All read access only (to all other applications)

Question 63

Does application access apply to scripts executed in the same scope?

Answer 63

No

Question 64

Does application access (run time scripting) only apply to business rules?

Answer 64

No, applies to all server side script

Question 65

The allow configuration checkbox on the application access tab permits other applications scopes to do what?

Answer 65

Create artifacts for an application

Question 66

The allow configuration checkbox on the application access tab allows other applications scoped to create artifacts for an application. What are those 3 artifact examples?

Answer 66

-Dictionary entry -UI action -Client script

Question 67

Business rules, access controls, and other metadata types can extend out of scope tables when this is selected on the application access tab

Answer 67

Can read

Question 68

These records are used to track cross scope applications that request access to an application, application resource, or event

Answer 68

Restricted caller access

Question 69

Application restricted caller access is activated by which plugin?

Answer 69

The scoped application restricted caller access plugin (com.glide.scope.access.restricted_caller)

Question 70

With this restricted caller access option, cross scope calls to the resource are approved or denied based on the value of the accessible from field

Answer 70

None

Question 71

With this restricted caller access option, calls to the resource must be manually approved. Access requests are tracked in the restricted caller access table with a status of requested

Answer 71

Caller restriction

Question 72

With this restricted caller access option, calls to the resource are automatically approved. Calls are tracked in the restricted caller access table with a status of approved.

Answer 72

Caller tracking

Question 73

What role is required to set access to an application?

Answer 73

Admin or application admin

Question 74

Safeguard intellectual property by making artifact logic what? (2 things)

Answer 74

Read only or not visible

Question 75

Protection policies only applies when applications are what?

Answer 75

Installed from the servicenow App Store

Question 76

Protection policies do not prevent other developers on the application development instance from viewing or editing application artifacts (t/f)

Answer 76

True

Question 77

What two things can (application) protection policies be applied to?

Answer 77

-ui actions -script includes

Question 78

Protection policies are not applied when applications are published and migrated to an instance using what?

Answer 78

An update set

Question 79

What are the protection policy options?

Answer 79

-none -read only (not editable) -protected (not visible)

Question 80

For the instance an application is developed on, should you use access controls or protection policies to restrict users ability to see and edit artifacts?

Answer 80

Access controls