04-23-2020 03:33 PM
Greetings helpful people!
I'm looking to write a report that shows indicator tasks that includes the control objective name and is filtered by tags applied to the control objective. I've got the first part (indicator tasks with control objective name), but when I dot-walk, the tags field isn't available.
Interestingly, if I switch to the old UI, I can navigate and find the tags field, but when I run the report it doesn't turn up anything.
Any suggestions? Thanks in advance!
Mark
- Labels: Policy and Compliance Management
04-27-2020 03:56 PM
That makes a lot of sense. Will each control objective receive multiple tags? Are you already consuming each of the classification, type, category fields effectively? These are very scalable with the use of sn_grc_choice table.
If these are not a solution (it's not O2M or you already use these fields in full), then perhaps you need to utilise a DB view which joins indicator task, thru indicator, template, control objective to citations and thru to authority document which should give you the PCI DSS, as well as any other 'm2m' relationship based on regulatory concerns. Same could be said for internal frameworks, using sn_grc_policy with a similar DB view model.
Edit: I just noticed you said Assessment, not necessarily to the regulation itself. Are you using Audit Management? Same could be done on DB view, but include the Engagement through the Controls related list.
04-23-2020 03:49 PM
Hi Mark, can you give an example of why you want to use Tags, and how this is going to help you organise the report? e.g. what are you using tags for that allows us to report on it effectively?
Reason I ask is whether there is anything other than tags which you could use which might be more robust.
In the meantime, just checking tags as it's not something I have used much, looks like it could be a text indexing issue:
As they are text, and this needs to be enabled on a table by table basis; it could be this.
04-23-2020 04:06 PM
Doesn't look like tags are treated as text in filter but as a reference field, so that should mean not a text index issue. However, I am not sure that it is possible to dot-walk to a tags table, even by the list filter. The tags option appears, but when you select it reverts to the base table you are on and the query is direct on the table, not dot-walked.
So the fact the report filter is using condition builder v2, and therefore doesn't show tags, is likely due to the fact that the v1 is actually false? I am not an expert with tags at all but I just tried filtering from a control to the control objective and even 1 dot-walk isn't working.
I might try with a script and see how it behaves. If that does work you could create a method to call from the filter, but I am not sure that would be very performant, hence a better option could be to evaluate the use of tags. (I might be missing a trick by never really using them.)
04-27-2020 06:57 AM
Phil,
We have many business units and different assessments going on at different times. My thinking was to tag control objectives with something like 'PCI 2020 Assessment' as a way to quickly report the status of all indicator tasks (i.e. open evidence requests). Any suggestions (or pointing out logic flaws/easier methods) are greatly appreciated.
Thanks!
