Restrict Access To Certain Sensitive Requested Items

mr3006
Kilo Contributor

Good Morning,

I'm hoping someone can help with this.

We need to restrict access to certain Requested Items and the tasks within them that may contain confidential data (for example, asking for access to someone's emails for investigation purposes).

We have the catalogue items set up and I believe the way to do this would be by using an ACL.

We would need the requester, requested for and a certain resolver group to have access to the item & tasks but all other resolver groups to be denied read access.

Is this possible?

Any help would be greatly appreciated.

Many Thanks

1 ACCEPTED SOLUTION

Brad Tilton
ServiceNow Employee

Yes, you would want to look at read ACLs for requested item and tasks. You'd probably need a couple of scripted ACLs that check the logged in user and group and then compare against the values on the records.

6 REPLIES

Abhinay Erra
Giga Sage

Yes, create a read ACL, and in the advanced section you will have to code based on the catalog item and requested for. If you can provide all the details, I can help you write the script.

Abhinay,

That would be fantastic. Scripting is not a strong point of mine, so I would appreciate the help.

We have an item called "Mailbox or Data Access request" and need all users in the "GF021" group, as well as the requestor and requested for, to be able to access this request type, but no one else.

Within the RITM there are two tasks, "Provide Access to requested data" and "Revoke access to requested data". These need to be only accessible by the GF021 group.

I'm not sure what other information might be needed?

Again, many thanks for your time and assistance with this.

Mike
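The read-ACL check discussed in the replies above, worked through for the item and group named in this thread, as an added example that is not code from any of the posters. The function names are hypothetical, `opened_by` is assumed to be the requester, and `current` and `gs` are passed as parameters so the logic also runs outside the platform.

```javascript
// Added example, not code from the thread. Item and group names are the ones
// quoted above; function names are hypothetical. In a real ACL script,
// `current` (the record) and `gs` (GlideSystem) are platform globals.
var SENSITIVE_ITEM = 'Mailbox or Data Access request';
var RESOLVER_GROUP = 'GF021';

// True when the referenced catalog item is the sensitive one.
function isSensitive(catItem) {
    return String(catItem.name) === SENSITIVE_ITEM;
}

// Compare a reference field to the session user; an empty value never matches,
// so a record with a blank opened_by cannot match a blank user id.
function sameUser(field, me) {
    return me !== '' && String(field) === me;
}

// Guard for read ACLs on sc_req_item:
// requester (assumed: opened_by), requested for, or a GF021 member.
function ritmGuard(current, gs) {
    if (!isSensitive(current.cat_item)) {
        return true; // other items: the ACL's own roles and condition decide
    }
    var me = String(gs.getUserID());
    return sameUser(current.opened_by, me) ||
        sameUser(current.request.requested_for, me) ||
        gs.getUser().isMemberOf(RESOLVER_GROUP);
}

// Guard for read ACLs on sc_task:
// tasks under the sensitive item are readable by GF021 members only.
function taskGuard(current, gs) {
    if (!isSensitive(current.request_item.cat_item)) {
        return true;
    }
    return gs.getUser().isMemberOf(RESOLVER_GROUP);
}

// In the ACL's Script field (Advanced checked):
//   answer = ritmGuard(current, gs);   // on sc_req_item
//   answer = taskGuard(current, gs);   // on sc_task
```

A user passes when any one matching read ACL at the same level grants access, so a new restrictive ACL on its own does not remove access that an existing role-based read ACL already grants. The guard therefore has to be part of each read ACL on the two tables, where it combines with that ACL's role requirement.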

jonny27
Giga Contributor

Hi team

I require exactly the same thing but, I'm afraid, I'm not great with ACLs or scripting.

  • I have a catalog item called 'Account Audit Request' and a workflow to have it approved
  • I have created a group that should have access to it called 'Account Audit Team'

I need these requests to be heavily locked down so even the Service Desk team can't see them (or anyone with the generic ITIL access) and only visible to the 'Account Audit Team' group. 

I have two catalog tasks generated as part of the workflow to provide and revoke access, so the assignee of that task will also need access to catalog tasks only and not the RITM, and only when it is assigned to them.

Is this doable, and, if so, how do I implement it?

Many thanks