Show Non-Operational CMDB Data to Certain Roles in List View | ServiceNow | ACL


Introduction:

In ServiceNow, ensuring proper access control to sensitive data is crucial. In this blog post, we will explore how Access Control Lists (ACLs) can be used to manage access to non-operational CMDB data. Specifically, we will focus on hiding non-operational data from ITIL users while allowing access to CMDB managers and administrators.

Step 1: Elevate Your Role for ACL Configuration

To begin, you need to elevate your role to access and edit ACLs in ServiceNow. Here's how:

  1. Click on your profile located in the top right corner of the ITIL view.
  2. Select "Elevate Role" (Note: You will require the security_admin role to perform this step).

Step 2: Create a New ACL

Now, let's create a new ACL to control access to the non-operational CMDB data:

  • Navigate to "System Security" -> "Access Control" -> "Create New".
  • Select the type as "Record" and the operation as "Read".
  • Choose the CMDB table (e.g., cmdb_ci) for which you want to control access.
  • Provide a meaningful short description of the ACL.
  • Under the "Roles" section, select the "cmdb_read" role. This role allows users to read CMDB records.
  • Specify appropriate conditions that define when this ACL should be applied. For example, you can set conditions to check for non-operational status.
  • In the "Script" field, write "gs.getSession().isLoggedIn();" to ensure that only logged-in users can access the data.
  • Save the ACL.





Step 3: ACL for Admins and CMDB Managers

In this step, we will create an ACL that allows administrators and CMDB managers to view non-operational data in the list view:

  • If an ACL already exists for the CMDB table (e.g., cmdb_ci) and the operation is set to "Read," you can edit that ACL. Otherwise, create a new one following the same steps as before.
  • Keep all the settings the same as before, except this time, select the appropriate role common to CMDB managers and administrators. In our case, we selected "cmdb_inst_admin."
  • Do not set any conditions for this ACL to ensure that non-operational data is visible to the specified roles.
  • Save the record.
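How the two read ACLs from Steps 2 and 3 combine, as an added example that is not from the original post and is not ServiceNow platform code: a simplified JavaScript model in which one ACL passes only if role, condition and script all pass, and a record is readable if any one matching ACL passes. It assumes the Step 2 condition matches only records that are not non-operational; the `operational_status` field name, the status labels, the sample users and the sample rows are constructed for illustration.

```javascript
// Simplified model of record-ACL evaluation (illustration only, not platform code).
// Within one ACL: role AND condition AND script must all pass.
// Across ACLs on the same table and operation: passing any one is enough.

const NON_OPERATIONAL = "Non-Operational"; // constructed label for the hidden status

// The two read ACLs on cmdb_ci described in Steps 2 and 3.
const readAcls = [
  {
    name: "cmdb_ci read, operational only",
    role: "cmdb_read",
    // Assumed condition: match only records that are NOT non-operational.
    condition: (ci) => ci.operational_status !== NON_OPERATIONAL,
    script: (user) => user.loggedIn, // stands in for gs.getSession().isLoggedIn()
  },
  {
    name: "cmdb_ci read, all records",
    role: "cmdb_inst_admin",
    condition: () => true, // Step 3: no condition set
    script: (user) => user.loggedIn,
  },
];

function aclPasses(acl, user, ci) {
  return user.roles.includes(acl.role) && acl.condition(ci) && acl.script(user);
}

function canRead(user, ci, acls = readAcls) {
  return acls.some((acl) => aclPasses(acl, user, ci));
}

// Names of the rows a user would see in a list; rows failing every ACL are dropped.
function visibleRows(user, rows, acls = readAcls) {
  return rows.filter((ci) => canRead(user, ci, acls)).map((ci) => ci.name);
}

// Constructed sample data.
const rows = [
  { name: "web-01", operational_status: "Operational" },
  { name: "db-02", operational_status: NON_OPERATIONAL },
];
const itilUser = { roles: ["itil", "cmdb_read"], loggedIn: true };
const cmdbManager = { roles: ["cmdb_inst_admin"], loggedIn: true };

console.log(visibleRows(itilUser, rows));    // ITIL user: operational rows only
console.log(visibleRows(cmdbManager, rows)); // CMDB manager: every row
```

Because any one passing ACL grants access, an existing unconditioned read ACL on the table that the ITIL user's roles satisfy would keep non-operational rows visible; pass such a rule in through the `acls` parameter to see the effect before changing the instance.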






Conclusion:

By leveraging Access Control Lists (ACLs) in ServiceNow, we have successfully controlled access to non-operational CMDB data. ITIL users will no longer have access to this sensitive information, while CMDB managers and administrators can view the non-operational data as required. Properly managing access to sensitive data is essential for maintaining data privacy and security within an organization.

Remember, ACLs are just one aspect of access control in ServiceNow, and it is crucial to regularly review and update them based on your organization's evolving requirements.







