How to setup COE Security Rules?

peter_repan
Tera Guru

‎09-28-2023 02:38 PM

Hi, regarding COE Security rules setup - I can setup condition "Assignment rule is (dynamic) one of my groups", but then I have to always define all groups in embedded list who should have access?

 

My use case is the following:

  • we have HR service in 5 different COEs
  • we have ~20 HR groups granting "sn_hr_core.basic" role, which should have access to HR case if "Assignment group" is current group of logged-in user

 

Does it mean I must create COE Security rule for every COE and list all 20 groups under every COE Security rule record?

peter_repan_0-1695936834792.png

And in case we create 5 new HR groups, I need to enter again 5 new groups under every COE Security rule ? That's how I currently see it and it's looks to me totally unmaintanable if we get more and more groups.

 

Is there any way how to make it more dynamic? Or would it be preferred in this case to rather use query business rule / ACL instead of COE Security rules

 

I would be grateful if anyone can provide a nice & complex example how to setup complex COE Security rules, because I don't see much benefits of this feature if you have too many groups and more complex assignment logic.

0 Helpfuls
  • 1,906 Views
1 REPLY 1

michaelj_sherid
ServiceNow Employee
ServiceNow Employee

‎09-28-2023 02:48 PM

@peter_repan There have been a lot of enhancements on the COE Security policy for Vancouver. If you plan to upgrade, the COE Security has been improved so you may want to consider configuring them on Vancouver. Here is the Release Notes for HRSD that include the COE Security enhancements. One, which answers your question regarding a policy for each COE. Prior to Vancouver that was needed, but V and later, you can apply the security policy to all COEs. I am happy to answer any further questions but I feel you will be good to go once you check out the enhancements.


Regards,

Mike

0 Helpfuls