The CreatorCon Call for Content is officially open! Get started here.

michaelj_sherid
ServiceNow Employee
ServiceNow Employee

Hello Friends! We have been getting questions around email security, specifically when an email comes into the instance. How is this identified as an HR Email?


For starters, we need to look at the mechanisms put into place for email security. The moving parts of this functionality involve the inbound email message, the email address used to send the email to HR, HR Properties, and the role to read HR Cases. We will explain how this all works in the following paragraphs.

 

Since the email table is in the Global scope, we have a Scoped Access Control Lists (ACLs) on the Email table. If the email has a reference to a HR scoped table such as HR Case or HR Task, the scoped ACL will prevent access. You may ask, “How does the system know that the email is for HR?” The answer is the email configuration under HR Administration > Properties.

find_real_file.png

When an email is received in the instance, the inbound action “Create HR Case” looks at the property mentioned above to determine if this is an email address for HR. This inbound action sets the necessary fields and identifies the email as one intended for an HR Case. A script completes the Create HR Case inbound action. This step secures any email identified as an HR-centric email.

find_real_file.png

The second step of security locks down access using an ACL. There is an out of the box scoped ACL — sys_email (read) located under System Security > Access Control (ACL). This ACL restricts access to users that do not have the necessary HR Role to see these records. The ACL, out of the box, runs a check to ensure that the user accessing the HRSD scoped record has the role of sn_hr_core.admin or has the access separately to read the target HR record. Access this role from User Administration >Roles.

Here is a diagram of the flow to show the processing of the inbound email to HR:

find_real_file.png

In conclusion, the Global elements of ServiceNow can work seamlessly with the Scoped Applications on the platform with the use of Scoped Access Control Lists (ACL).  Having the proper configurations in place will ensure the intended security is in place.

We hope this gives the necessary insight to understand the HR Email security. 

3 Comments