How to set a Protection Policy on custom Script Includes and custom Tables?

georgimavrodiev · ‎09-05-2017

Hello All,

I am interested in setting protection policy to a Script Include of one custom application of mine, along with setting the same to one of its tables.
I've reviewed the documentation about this option. From what I understand, if you are operating in a custom scope and set a Script Include's Protection Policy to 'Protected' - its Script field or in other words - its code - should not be visible to any users who imported the Update Set of the application in another instance. In the same time, if no workarounds (no scripts that remove Protection Policies are used) the user who uses the app in a different instance should also not be able not only to see the script of the Script Include, but also to change the type of the Protection Policy. Yet, this is not what I observed during my tests.

I used two DEV Instances: Jakarta & Istanbul.
I created a custom application on the Jakarta one and set the Protection Policy type of one of its Script Includes to protected.
Then I exported the application via an Update Set and imported it into the Istanbul instance. Once the Update Set was Committed on the Istanbul instance -> I opened the respective Script Include with the System Administrator and here is what I saw:
- I was not able to change the type of the Protection Policy of the Script Include;
- However, I was able to see its code (script);

Could you please provide me with explanation of this behavior plus steps how to achieve the one I am looking after?
If you know for the existence of any more detailed documentation on the matter, but the one available in SNOW Wiki & SNOW Docs, please share link also.

Last but not least -> could you please let me know how I can set a Protection Policy to a table of my custom application?

Thank you in advance!

Best Regards,
Georgi Mavrodiev

Chuck Tomasi · ‎09-05-2017

Hi Georgi,

This field is mainly intended for our TPP (technical partner program) - those people who create apps and publish them to the store. It's my understanding that it has no effect when going between instances in the same family/company (e.g. AcmeDev, AcmeTest, and AcmeProd).

Script protection policy

View solution in original post

georgimavrodiev · ‎09-05-2017

Chuck, sounds reasonable.

Ok, I would like you to confirm two more things to me

1. The two DEV instances on which I performed the test has nothing to do between themselves, as they are of different users (owners, to say so). Does this mean that the protection policy does not apply for DEV, but only for Vendor instances?

2. Where I may find a detailed official documentation of how to set Protection Policy against a table, UI action and etc.?

Regards, Georgi

Chuck Tomasi · ‎09-05-2017

I'm not sure I understand item #1. Are the dev instances using the same customer prefix (e.g. scope x_1234_myapp, where 1234 is the customer prefix) or do they have different prefixes (x_1234 and x_4567)?

How are you migrating the app between the instances? Update sets? GitHub repo?

For #2, see the link I provided earlier.

georgimavrodiev · ‎09-06-2017

Morning Chuck,

Question number 1 was about the fact if the protection policy works on DEV instances of different owners or DEV instances at all.

Question 2 was about the exact steps which need to be followed in order for me to set protection policy on a table in my custom application.

In regards to your question - I am moving the application via an Update Set.

Thank you for assisting me here, Chuck!
I will address the matter with the ServiceNow colleague who will be presented during the demo, when the time comes.

Cheers, Georgi

User329467 · ‎02-09-2020

Hi Georgi,

Have you achieved it? If so, can you elaborate me the process?

Thanks,

Priyatham.