Best practice - Setting up HRSD security for Restricted Populations

Chuck Collins · ‎01-22-2020

Most companies have restricted populations, groups of users for whose cases should only be viewable by a limited number of HR Fulfillers. For example, maybe the owner of the company, CEO, CFO, would be in a "Executive" restricted population, and all HR associates would be in a "HR" restricted population.

I'm looking for best practice to secure cases for these restricted populations so that only those fulfillers that should see these cases, can see them.

Use Case: An senior executive in the company submits a LOA case requesting leave for a sensitive operation. Because the subject person is in the "Executive" restricted population, we would only want a select number of LOA associates to have access to that case; rather a select few that are trained and knowledge about these types of cases.

Is there any best practice information available from ServiceNow that we could leverage in making decisions about how to configure Restricted Populations?

michaelj_sherid · ‎01-24-2020

Hi Chuck,

This is common to create custom roles to achieve these types of use cases. OOB we delivered a Secure Info Reader and Secure Info Writer for these types of use cases. Since you have different conditions that apply to different scenarios, it would be wise to create the custom read and write roles to meet your use cases. Reducing the number of scripted ACLs would be the goal.

Regards,

Mike

View solution in original post

michaelj_sherid · ‎01-24-2020

Hi Chuck,

This is common to create custom roles to achieve these types of use cases. OOB we delivered a Secure Info Reader and Secure Info Writer for these types of use cases. Since you have different conditions that apply to different scenarios, it would be wise to create the custom read and write roles to meet your use cases. Reducing the number of scripted ACLs would be the goal.

Regards,

Mike