COE ACL Configuration

Roshani
Tera Expert

‎11-09-2020 12:49 AM

Hi All,

I want to implement COE ACL configuration for payroll case table . Please let us know how to proceed. 

0 Helpfuls
  • 2,054 Views
4 REPLIES 4

Anusha Reddy1
Giga Expert

‎11-09-2020 01:58 AM

Hello Roshani,

Use COE Access Control List (ACLs) Configuration to allow specific groups read or write access to HR cases under a specific COE.

Please refer below threads which might help you to proceed further:

https://docs.servicenow.com/bundle/orlando-hr-service-delivery/page/product/human-resources/concept/hr-service-categorization.html#configure-hr-coe-security

https://community.servicenow.com/community?id=community_question&sys_id=0a202ab7dbb8d41013b5fb24399619c7

0 Helpfuls

Susan Britt
Mega Sage
Mega Sage

‎11-09-2020 04:27 AM

Some things to keep in mind while you are doing this that may not be very clear when reading the docs are: 

The purpose of the security policy is to restrict HR Case access for those that already have access to them (i.e. all users in HR groups; sn_hr_core.basic role).  Remember by default, all HR groups have access to read and write to all HR Cases, regardless of COE table and HR Service.  With the COE Security Policy, you can restrict it.

  • To restrict who can read a table and/or hr service, create a "Read" policy and add the groups that will still be able to read.  This will remove the read access from all other HR groups.
  • To restrict who can write/update, create a "Write" policy and add the groups that will still be able to write.  This will remove the ability to update cases from all other groups.  
    • The other groups will still be able to read the cases, if a specific "Read" policy hasn't been created
    • If a "Read" policy has been created, the groups in this "Write" policy must also be in the "Read" groups.

Community Alums
Not applicable
In response to Susan Britt

‎12-10-2021 08:15 AM

Hello Sbritt,

I have written Read security policies on a COE to allow read only access to XYZ group. But XYZ group is having both read and write access to cases.

And I dont have any policies written for Write operation on that COE. Whether it's the reason for "XYZ" having write access. ?



Regards,
Prabhu V


0 Helpfuls

Susan Britt
Mega Sage
Mega Sage
In response to Community Alums

‎12-10-2021 10:09 AM

Hi Prabhu,

Correct, if you haven't created any specific write policies for the COE, XYZ group would have access to write.  This is because OOB, any HR group has read/write access to HR Cases/COE tables.  If you restrict the read only, then the groups in the read COE security policy will still have the ability to write.  Someone in ABC group would not have the ability to read/write anymore.