How to restrict HR cases based on assigned to using COE Security rules

Chaiatnya
Tera Contributor

‎09-05-2023 07:25 AM

Hi all,

 

 I've requirement to show some confidential cases only to submitted users and assigned to user, but not the assignment group. How to achieve this using COE security policies.

0 Helpfuls
  • 2,168 Views
6 REPLIES 6

SANDEEP28
Mega Sage

‎09-05-2023 08:44 AM

@Chaiatnya In COE security policies, you can only restrict using assignment group. Its not possible to restrict for submitted user or assigned to user.

 

If you want to show confidential cases to submitted person (Opened by) on ESC portal then you need to change the script or add more filter in below My request filter record 

 

javascript:sn_hr_core.hr_caseOpenRequestFilterUtil() --> you need to alter this script

 

SANDEEP28_0-1693928570978.png

 

If you want restrict for assigned to user then you need to go ACL's.

 

If I could help you with your Query then, please hit the Thumb Icon and mark as Correct !!

 

JamesEcoStratus
Mega Guru

‎09-05-2023 01:11 PM

Hi, based on my understanding of your question from the information you’ve provided, you could potentially try the following.

 

In ServiceNow HR Service Delivery (HRSD), you can use COE (Center of Excellence) security policies to control access to confidential cases based on specific conditions, such as allowing access to the submitted user and the assigned user but not to the assignment group. Here's a step-by-step guide on how to achieve this:

 

1. Access Security Policies:

Log in to your ServiceNow instance as an administrator or a user with appropriate permissions.

Go to "System Security" > "Security Policies."

 

2. Create a New COE Security Policy:

Click on "New" to create a new security policy.

 

3. Define the Policy Conditions:

Give your security policy a meaningful name and a short description.

In the "Conditions" section, define the conditions under which this policy should apply. You'll want to specify the conditions that match confidential cases assigned only to the submitted user and assigned user, but not the assignment group. Here's an example condition:

 

Here's an example of how your script action might look (assuming you have a translation function):

 

Screenshot 2023-09-05 at 12.58.32.png

 

This condition checks if the case is in a "confidential" state, has no assignment group, and is assigned to the currently logged-in user.

 

4. Define the Policy Actions:

In the "Actions" section, specify what actions should be taken when the conditions are met. You want to allow access to confidential cases for the specified users.

Select the "Read" action and set it to "Allow."

 

5. Define the Policy Roles:

In the "Roles" section, add the roles that should be subject to this security policy. Typically, you would add the "hr_case" or a similar role that is assigned to HR users who handle HR cases.

 

6. Activate the Security Policy:

Save the security policy and make sure it's active.

Now, the COE security policy is set up to allow access to confidential cases for HR users who match the defined conditions (i.e., cases assigned to the submitted user and assigned user but not the assignment group). This policy will ensure that only the intended users have access to these confidential cases.

 

Please make sure to thoroughly test this security policy in a non-production environment to ensure it meets your specific requirements and does not inadvertently grant access to unauthorized users.

 

Security policies are critical for maintaining data privacy and access control in ServiceNow, so careful configuration is essential.

 

Good Luck!

 

James @Ecostratus

 

If I helped you with your question, then please hit the Thumb Icon and mark it as Helpful or Correct.

Chaiatnya
Tera Contributor
In response to JamesEcoStratus

‎09-05-2023 04:36 PM

@JamesEcoStratus HI James, I don't see Security policies under system administrator. I saw this under "HR administration" but said fields are not available. Am I missing anything. Can you help me  

0 Helpfuls

JamesEcoStratus
Mega Guru
In response to Chaiatnya

‎09-05-2023 05:01 PM

I’m not sure which version of ServiceNow you are utilizing or which environment or roles you have been provided, but let's walk through some basic troubleshooting steps. In the end, however, you may need to reach out to your ServiceNow support team to complete your task.

 

In ServiceNow, the availability of certain features and modules can vary depending on your instance's configuration and the specific subscription or licensing you have. Security policies are typically associated with IT security and governance rather than HR administration.

 

Here are some steps you can take to troubleshoot the issue and locate Security Policies:

  1. Check your Role: Make sure you are logged in with a user account that has the necessary permissions to view and configure Security Policies. In most instances, the "admin" or "security_admin" role should have access to this feature.
  2. Check Modules: ServiceNow is highly customizable, and modules can be added or removed based on your organization's needs. Ensure that the "Security Policy" module is available and not hidden in your instance. You can navigate to "System Definition" > "Modules" and search for "Security Policy" to verify its visibility.
  3. Permissions and ACLs: Ensure that the security policies and access control lists (ACLs) for the "Security Policy" module are correctly configured. If permissions are restricted, it may impact your ability to see or access the module.
  4. Check Scoped Applications: Sometimes, security-related features might be implemented as scoped applications or plugins. Check if there are any security-related plugins or applications installed and verify if Security Policies are part of any of those scoped applications.
  5. Instance Version and Customization: The availability of features can also depend on the version of ServiceNow you are using and any customizations made to your instance. Ensure your instance is up to date and that customizations haven't affected the visibility of the Security Policies module.
  6. Contact Your ServiceNow Administrator: If you've checked all the above steps and still can't find Security Policies, it's advisable to contact your ServiceNow administrator or support team. They can investigate the issue further and provide guidance specific to your instance.

Remember that ServiceNow instances can be highly customized, so the exact location and visibility of features may differ from one instance to another. If Security Policies are essential for your tasks, your ServiceNow administrator should be able to assist you in configuring or troubleshooting any issues with access to this feature.

 

Good Luck!

 

James @Ecostratus

 

If I helped you with your question, then please hit the Thumb Icon and mark it as Helpful or Correct.