HR COE security policy VS ACL

Vijay Baokar · ‎06-13-2024

Hello Folks,

I have a scenario where an HR case HRC121 is created on "sn_hr_core_case_benefits" table and the case is assigned to "US Benefits" and i have another group "IND Benefits".

Now members from "IND Benefits" should not have read access or visibility to case HRC121.

is it supposed to be handled via COE security policy or ACL ?

If we write an ACL then it should be on "sn_hr_core_case_benefits" or "sc_hr_core_case" table with condition Assignment group is Dynamic to one of my assignment groups.

Basically group member should have access to only those cases if its assigned to their group , irrespective of Table and HR services.

Wessel van Enk · ‎06-13-2024

Hi Vijay,

Within the HR scopes, the COE policies are the way to go for these things.
You can setup a Read COE Sec Policy on the Benefits COE with the condition ''Assignment Group = {Dynamic} One of my Groups. But do not forget to add the group into the list of groups in the policy 😉

This way the platform checks if you are a member of the current assignment group of the case, if so, you can read it, otherwise they cannot. This should fix the issue. You can always add ACL's later on if you need any more detailed or heavy condition restrictions.

View solution in original post

Yashsvi · ‎06-13-2024

Hi @Vijay Baokar,

please check below link:

https://www.servicenow.com/community/hrsd-articles/hr-security-evaluation-acl-s-and-coe-security-pol...

Thank you, please make helpful if you accept the solution.

Wessel van Enk · ‎06-13-2024

Hi Vijay,

Within the HR scopes, the COE policies are the way to go for these things.
You can setup a Read COE Sec Policy on the Benefits COE with the condition ''Assignment Group = {Dynamic} One of my Groups. But do not forget to add the group into the list of groups in the policy 😉

This way the platform checks if you are a member of the current assignment group of the case, if so, you can read it, otherwise they cannot. This should fix the issue. You can always add ACL's later on if you need any more detailed or heavy condition restrictions.