- Post History
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
on ‎08-14-2023 05:02 AM
HRSD Vancouver: COE Security policies inheritance explained
Please find here a logical depiction of how COE Security policies and ACLs are evaluated in the (Out of the Box) ServiceNow setup
COE Security Policies and ACL's
COE security policies are a no-code way to configure access to the different HR Case tables (Centers of Excellence; COE’s). Read more about the evaluation of them here.
Up until Vancouver there was however a difference in how COE security policies handle Hierarchy versus how Access Control Lists (ACLs) handle them.
As an example, we can look at HR Core Case, that is an extend of Task. The different COE’s are in itself an extend of HR Core Case.
For ACLs it will look from most specific (f.e. Payroll) to least specific. Meaning that if you have not specified a more specific ACL on Payroll, it will look for an ACL on HR Core Case, if it cannot find any there, it will finally resort to the Task level (or even * level; meaning the fallback for any table). This means that there is a certain connection between the tables in terms of inheritance/hierarchy like depicted below.
Utah --> Vancouver
Up until the Utah release this however was not the case for COE Security policies. You could not specify on HR Core Case level a policy that would cover all Child tables (f.e. Payroll, HR IT, and Employee relations).
This meant that you would have to set up policies on each level. For example, if you want to allow ‘Group A’ access to all 3 tables, as well as the HR Core Case table, you need to specify it 4 times.
From Vancouver on it is possible to set up 1 policy that applies to all Child COEs:
(Note that ‘Applies to all services’ will be automatically checked and read only)
This inheritance will allow us to set up 1 policy that will roll down to the other levels
In combination with the added ‘Policy name’ and ‘Short description’ this adds to the maintainability and efficiency of the COE Security policy setup.
- 2,609 Views
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Thanks a lot for the clear explanation Willem!
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Really helpful...This feature will help in reducing the number of COE security policies.

- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Thanks for sharing, Willem, crisp and clear as always!
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Thanks @Willem very helpful information.
Do we have any way to extend the COE policies on the child HR Tasks as well for the respective COEs ?