Best practice for setting up ACLs and groups architecture

jency83
Tera Guru

Wednesday

Hi guys, 

I am wondering what is your experience building a good ACL and groups architecture in a ServiceNow instance.

I have seen a few but they always comes with some comproimses. I am checking if anyone found an ideal solution. What I have seen so far

 

1. Simply having groups with roles assigned, then simply add users to groups

- Looks the easiest way but with many groups, it may get too complex and confusing for end user

1a. Link groups in parent/child relationship and assign roles properly

- Might be a bit better, but there can be exceptions adding again quite a lot of complexity

2. "Organizational" and "Permission" groups

- Assign various groups, one grants people membershing in assignment group, another one grants them a role

- This looks scalable, but you may need to request multiple group membership which is not much user friendly

 

Eventually I found an article by @SaschaWildgrube about personas. 4k+ views but not a single comment below. Is anyone using similar approach? I kinda like it. 

 

What is your experience?

Labels:
0 Helpfuls
  • 320 Views
5 REPLIES 5

Dr Atul G- LNG
Tera Patron
Tera Patron
In response to jency83

Wednesday

Agreed. I'm currently supporting a large U.S. client, and they also have many groups. We still follow the same method, which works well. You can use the same approach, but make sure proper governance is in place.

Here are some best practices to follow:

  1. Naming Conventions: Ensure each type of group follows a clear and consistent naming convention. This helps with identification and management.

  2. Group Type Field: Use the group type field to categorize groups. This makes it easier to filter and manage access requests specific to certain types.

  3. Request Visibility: Set visibility so only the required groups show up in access requests.

  4. Group Ownership: Every group should have a designated manager. This supports accountability and streamlines approval workflows.

  5. Governance Structure: All of the above should be enforced through a governance framework to ensure scalability and control.

This approach ensures that access management remains organized and efficient as the number of groups grows.

*************************************************************************************************************
If my response proves useful, please indicate its helpfulness by selecting " Accept as Solution" and " Helpful." This action benefits both the community and me.

Regards
Dr. Atul G. - Learn N Grow Together
ServiceNow Techno - Functional Trainer
LinkedIn: https://www.linkedin.com/in/dratulgrover
YouTube: https://www.youtube.com/@LearnNGrowTogetherwithAtulG
Topmate: https://topmate.io/atul_grover_lng [ Connect for 1-1 Session]

****************************************************************************************************************
0 Helpfuls