Willem
Giga Sage

HRSD Vancouver: COE Security policies inheritance explained

Please find here a logical depiction of how COE Security policies and ACLs are evaluated in the (Out of the Box) ServiceNow setup.

COE Security Policies and ACLs

COE security policies are a no-code way to configure access to the different HR Case tables (Centers of Excellence; COEs). Read more about how they are evaluated here.

Up until Vancouver, however, there was a difference between how COE security policies handle table hierarchy and how Access Control Lists (ACLs) handle it.

Willem_0-1692014202430.png

 

As an example, we can look at HR Core Case, which extends Task. The different COEs in turn extend HR Core Case.

ACLs are evaluated from most specific (for example, Payroll) to least specific. If you have not specified an ACL on Payroll, the platform looks for an ACL on HR Core Case; if it cannot find one there, it finally resorts to the Task level (or even the * level, meaning the fallback for any table). The tables are therefore connected through inheritance/hierarchy, as depicted below.

Willem_1-1692014202430.png


Utah --> Vancouver

Up until the Utah release, however, this was not the case for COE Security policies. You could not specify a policy at the HR Core Case level that would cover all child tables (for example, Payroll, HR IT, and Employee relations).

Willem_2-1692014202431.png

 

This meant that you would have to set up policies on each level. For example, if you want to allow ‘Group A’ access to all 3 tables, as well as the HR Core Case table, you need to specify it 4 times.

Willem_3-1692014202436.png

 

From Vancouver onward, it is possible to set up 1 policy that applies to all child COEs:

Willem_4-1692014202441.png

(Note that ‘Applies to all services’ will be automatically checked and read-only.)

 

This inheritance allows us to set up 1 policy that rolls down to the other levels.

Willem_5-1692014202445.png

 

In combination with the added ‘Policy name’ and ‘Short description’ this adds to the maintainability and efficiency of the COE Security policy setup.
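
The difference described above can be modelled in a few lines of JavaScript. This is an added example, not ServiceNow platform code or the author's: it is a simplified model that uses the table labels from the article, and the `appliesToChildCoes` property name and the function names are hypothetical. It is useful for checking which tables a single parent-level policy ends up covering before and after Vancouver.

```javascript
// Simplified model (not ServiceNow code). Table labels come from the article;
// the appliesToChildCoes property name is hypothetical.
const PARENT = {
  'Payroll': 'HR Core Case',
  'HR IT': 'HR Core Case',
  'Employee relations': 'HR Core Case',
  'HR Core Case': 'Task',
  'Task': null,
};

// Chain from most specific to least specific, e.g. Payroll -> HR Core Case -> Task.
function ancestry(table) {
  const chain = [];
  for (let t = table; t; t = PARENT[t]) chain.push(t);
  return chain;
}

// ACL lookup as the article describes it: the first table in the chain
// that has an ACL wins, otherwise the '*' fallback applies.
function resolveAclTable(table, tablesWithAcl) {
  return ancestry(table).find((t) => tablesWithAcl.has(t)) || '*';
}

// COE security policy match. Up to Utah only an exact table match counts;
// from Vancouver a policy flagged appliesToChildCoes also covers child COEs.
function groupHasPolicy(group, table, policies, release) {
  const chain = ancestry(table);
  return policies.some((p) => {
    if (p.group !== group) return false;
    if (p.table === table) return true;
    return release === 'Vancouver' && p.appliesToChildCoes === true
      && chain.includes(p.table);
  });
}

// HR tables a group reaches through COE policies under a given release.
function coveredTables(group, policies, release) {
  return Object.keys(PARENT)
    .filter((t) => t !== 'Task' && groupHasPolicy(group, t, policies, release));
}

// Constructed sample: a single policy on HR Core Case for 'Group A'.
const onePolicy = [{ group: 'Group A', table: 'HR Core Case', appliesToChildCoes: true }];
console.log(resolveAclTable('Payroll', new Set(['HR Core Case', 'Task'])));
console.log('Utah:', coveredTables('Group A', onePolicy, 'Utah'));
console.log('Vancouver:', coveredTables('Group A', onePolicy, 'Vancouver'));
```

Under the Utah rule the single policy covers only HR Core Case, so the other three tables each need their own policy; under the Vancouver rule the same policy covers all four.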

Comments
Wessel van Enk
Tera Guru

Thanks a lot for the clear explanation Willem!

SANDEEP28
Mega Sage

Really helpful...This feature will help in reducing the number of COE security policies.

Martin Ivanov
Giga Sage

Thanks for sharing, Willem, crisp and clear as always!

Ajay86
Tera Explorer

Thanks @Willem very helpful information.

Do we have any way to extend the COE policies on the child HR Tasks as well for the respective COEs?

Last update: 08-14-2023 05:02 AM