Hi all,
I’m working on a challenge to log every failed Access Control List (ACL) attempt in ServiceNow.
Goal:
Capture and log all/denied access attempts by ACLs (particularly on sensitive/custom tables)
Create a lightweight reporting or dashboard solution that does not degrade instance performance
or, at least, log all attempts to a custom log table
What I’ve already tried:
Calling script includes or using GlideRecord directly inside ACL scripts to log attempts — this slows down the ACL execution (ACL takes 8 seconds to execute while the maximum acceptable duration is 5 seconds)
Triggering events with gs.eventQueue()— unfortunately events don’t fire on blocked ACLs, so this didn’t help
Using Debug Security Rules — useful but too heavy for continuous monitoring
My questions:
Has anyone successfully implemented ACL attempt logging like this? What approach worked well?
Are there best practices or design patterns to achieve this efficiently?
Has anyone integrated AI Agents or ServiceNow AI features for automated analysis or alerts on ACL violations? (I don’t have AI enabled on my PDI but am curious about future possibilities.)
Any recommended plugins, apps, or third-party tools to assist?
Thanks so much in advance for any insights, experiences, or example code you’re willing to share!
— Anasuya
