COE policy

GhitaB · ‎04-14-2025

Can COE Security Policy Prevent a User from Seeing or Acting on an HR Case, Even with Correct Roles and Group Membership?

Hi everyone,

I'm troubleshooting an issue in my ServiceNow HRSD environment where a user cannot view or take action on HR Payroll cases although everything seems fine at first glance.

Here’s the situation:

The user has the appropriate HR roles (like sn_hr_core.case_reader).
The user is also part of the Assignment Group on the case.
However, the user cannot see the case or receive any notifications related to it.

My question is:
👉 Could this COE Security Policy difference be the reason why the user is unable to see or act on HR cases cause his group is not part of this coe policy — even though they have the right roles and are part of the Assignment Group?

Any confirmation or additional insights on how COE Security interacts with roles/groups would be greatly appreciated!

Laszlo Balla · ‎04-14-2025

That is absolutely a possible reason, in fact, the whole point of having the CoE Security Policies in place is to manage read/write access on a COE or HR Service level.

Take a look into the out of the box read or write ACL scripts on the sn_hr_core_case table - the underlying script includes are actually checking whether the user has a matching CoE Security Policy, and if not, they would already fail the ACL evaluation on the table level.

View solution in original post

Sandeep Rajput · ‎04-14-2025

@GhitaB If the Assignment group is not part of COE security policy then the user who is member of the assignment group having the sn_hr_core.case_reader will not be able to access the case data. Add the group in the COE policy and the case will be visible to the user.

View solution in original post

GhitaB · ‎04-14-2025

Thank you so much for the clarification , appreciate it

Sandeep Rajput · ‎04-14-2025

@GhitaB Please consider marking the responses accepted solution if they addressed your questions.