Restrict Access To Certain Sensitive Requested Items

Go to solution
mr3006
Kilo Contributor

‎08-14-2018 03:35 AM

Good Morning,

I'm hoping someone can help with this.

We need to restrict access to certain Requested Items and the tasks within that may contain confidential data for example (asking for access to someone's emails for investigation purposes).

We have the catalogue items set up and i believe the way to do this would be by using an ACL.

We would need the requester, requested for and a certain resolver group to have access to the item & tasks but all other resolver groups to be denied read access.

Is this possible?

Any help would be greatly appreciated.

Many Thanks

Labels:
0 Helpfuls
  • 2,817 Views
1 ACCEPTED SOLUTION

Go to solution
Brad Tilton
ServiceNow Employee
ServiceNow Employee

‎08-14-2018 11:53 AM

Yes, you would want to look at read ACLs for requested item and tasks. You'd probably need a couple of scripted ACLs that check the logged in user and group and then compare against the values on the records.

View solution in original post

0 Helpfuls
6 REPLIES 6

Go to solution
Brad Tilton
ServiceNow Employee
ServiceNow Employee

‎08-14-2018 11:53 AM

Yes, you would want to look at read ACLs for requested item and tasks. You'd probably need a couple of scripted ACLs that check the logged in user and group and then compare against the values on the records.

0 Helpfuls

Go to solution
Abhinay Erra
Giga Sage

‎08-14-2018 11:56 AM

Yes create read ACL and in the advanced section, you will have to code based on the catalog item, requested for. If you can provide all the details, I can help you write the script.

0 Helpfuls

Go to solution
mr3006
Kilo Contributor
In response to Abhinay Erra

‎08-14-2018 12:24 PM

Abhinay, That would be fantastic, scripting is not a strong point of mine so would appreciate the help. We have an item called "Mailbox or Data Access request" and need all users in the "GF021" group as well as the requestor and requested for to be able to access this request type but no one else. Within the RITM there are two tasks "Provide Access to requested data" and "Revoke access to requested data" These need to be only accessible by the GF021 group. I'm not sure what other information might be needed? Again, many thanks for your time and assistance with this. Mike
0 Helpfuls

Go to solution
jonny27
Giga Contributor

‎10-29-2020 01:56 AM

Hi team

I require exactly the same thing but, I'm afraid, I'm not great with ACLs or scripting.

  • I have a catalog item called 'Account Audit Request' and a workflow to have it approved
  • I have created a group that should have access to it called 'Account Audit Team'

I need these requests to be heavily locked down so even the Service Desk team can't see them (or anyone with the generic ITIL access) and only visible to the 'Account Audit Team' group. 

I have two catalog tasks generated as part of the workflow to provide and revoke access, so the assignee of that task will also need access to catalog tasks only and not the RITM, and only when it is assigned to them.

 

Is this doable, and, if so, how do I implement it?

 

Many thanks

0 Helpfuls