Implementing Explicit Roles

jboudi
Tera Contributor

Is anyone willing to share lessons learned or issues discovered after activating the Explicit Roles plugin?
https://docs.servicenow.com/bundle/washingtondc-platform-security/page/administer/contextual-securit...

 

I am considering implementing this plugin to help close a security gap. After the Public List Widget Misconfiguration issue that happened in October of last year (link: https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1553688), I've been trying to understand the ACLs in our environments. I cobbled together a script that discovered a number of active ACLs that have no apparent value (example ACL screenshot attached).

The above referenced article states that ACLs with an empty value in the "Roles, Conditions, & Scripts" will resolve to "true". I checked my developer instance and found over 500 active ACLs where the "Roles, Conditions, & Scripts" are empty.

I believe the explicit roles plugin will at the minimum add "snc_internal" to all ACLs which would prevent an ACL from reading true, unless the user is logged in.
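
One way to run the check described in this post offline, as an added example that is not the poster's script or ServiceNow code: it scans exported ACL rows for active ACLs with no role, condition or script. The field names assume the `sys_security_acl` and `sys_security_acl_role` table layout, and every row below is constructed sample data.

```javascript
// Added example: offline audit of exported ACL rows. All rows are constructed.
// Assumed fields: sys_security_acl {sys_id, name, operation, active, condition,
// script}; sys_security_acl_role {sys_security_acl, sys_user_role}.
const isBlank = (v) => v === undefined || v === null || String(v).trim() === "";
const isActive = (v) => v === true || String(v).toLowerCase() === "true";

// Return active ACLs with no role, no condition and no script, sorted by name.
function findEmptyAcls(acls, aclRoles) {
  const aclsWithRole = new Set();
  for (const row of aclRoles) {
    // A role row that names no role is not counted as a role requirement.
    if (!isBlank(row.sys_user_role)) aclsWithRole.add(row.sys_security_acl);
  }
  return acls
    .filter((a) => isActive(a.active))
    .filter((a) => !aclsWithRole.has(a.sys_id))
    .filter((a) => isBlank(a.condition) && isBlank(a.script))
    .map((a) => ({ sys_id: a.sys_id, name: a.name, operation: a.operation }))
    .sort((x, y) => x.name.localeCompare(y.name));
}

// Count findings per operation to decide what to review first.
function countByOperation(findings) {
  const counts = {};
  for (const f of findings) counts[f.operation] = (counts[f.operation] || 0) + 1;
  return counts;
}

// Constructed sample export (hypothetical table names and sys_ids).
const sampleAcls = [
  { sys_id: "a1", name: "x_demo_asset", operation: "read", active: "true", condition: "", script: "" },
  { sys_id: "a2", name: "x_demo_asset.cost", operation: "write", active: "true", condition: "", script: "" },
  { sys_id: "a3", name: "x_demo_note", operation: "read", active: "false", condition: "", script: "" },
  { sys_id: "a4", name: "x_demo_note.*", operation: "read", active: "true", condition: "active=true", script: "" },
  { sys_id: "a5", name: "x_demo_kb", operation: "create", active: "true", condition: "  ", script: "\n" },
  { sys_id: "a6", name: "x_demo_task", operation: "read", active: "true", condition: "", script: "answer = gs.hasRole('itil');" },
];
const sampleAclRoles = [
  { sys_security_acl: "a2", sys_user_role: "snc_internal" },
  { sys_security_acl: "a5", sys_user_role: "" }, // dangling row, names no role
];

const findings = findEmptyAcls(sampleAcls, sampleAclRoles);
console.log(findings, countByOperation(findings));
```

Whitespace-only conditions and scripts are treated as empty, and inactive ACLs are skipped because they are not evaluated.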

Mark Roethof
Tera Patron
Hi there,

 


Kind regards,

 

Mark Roethof

Independent ServiceNow Consultant

10x ServiceNow MVP
