The Zurich release has arrived! Interested in new features and functionalities? Click here for more

Restrict Table Record Visibility Based on Business Application User Association in ServiceNow

Praneeth CR
Tera Contributor

‎07-15-2025 04:24 AM

I need help for creating query Business rule, as I'm having requirement to restrict 4 table's based on one table in ServiceNow. Below I have structed the thing how it needs to restrict. Based on Business application table fields all other table needs to restrict and the restriction is not for admins.

1. Business Application Table

  • Relevant Fields (User References):
    • Owner(references User table)
    • application Owner(references User table)
    • Contract Owner(references User table)
    • Business Owner(references User table)
    • Vendor (references vendor table)

2. Vendor Table

  • Relationship:
    Each Business Application references a Vendor.
    In the Business application there is one field name "vendor" it is referring the vendor table.
  • Access Rule:
    A logged in user should only be able to view Vendor records that are associated with at least one Business Application where the logged in user is referenced in any of the four user fields (Owner, application Owner, Contract Owner, Business Owner).

3. Vendor Risk Assessment Table

  • Relationship:
    Each Vendor Risk Assessment references a Vendor (via the Vendor table).
    The "Third party" field references the Core Company table.
  • Access Rule:
    A logged in user should only be able to view Vendor Risk Assessment records that are associated with Vendors linked to Business Applications where the logged in user is referenced in any of the four user fields (Owner, application Owner, Contract Owner, Business Owner).

4. Vendor Contact Table

  • Relationship:
    Each Vendor Contact references a Vendor (via the Vendor table).
    The "Vendor" field references the Core Company table.
  • Access Rule:
    A logged in user should only be able to view Vendor Contact records that are associated with Vendors linked to Business Applications where the logged in user is referenced in any of the four user fields (Owner, application Owner, Contract Owner, Business Owner).

5. CRA Table

  • Relationship:
    Each Vendor Risk Assessment references a CRA record (via the CRA table).
    In the Vendor Risk table there is one field name "CRA ID" it is referring the CRA table.
  • Access Rule:
    A user should only be able to view CRA records that are associated with Vendor Risk Assessments, which are linked to Vendors, which are in turn linked to Business Applications where the user is referenced in any of the four user fields.

    Kindly assist.! Let me know If it's require more information about the same.
0 Helpfuls
  • 329 Views
2 REPLIES 2

Mark Manders
Mega Patron

‎07-15-2025 05:25 AM

Did you check on Security Data Filters or Deny-Unless ACLs. Those are better to maintain than a query br.


Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark
0 Helpfuls

Anand Kumar P
Giga Patron
Giga Patron

‎07-15-2025 05:42 AM

Hi @Praneeth CR ,

 

Create read  Deny‑Unless ACLs deny access unless the user explicitly meets role, condition, and script requirements, acting as a strict gate before any Allow‑If rules are evaluated.

 

If my response helped, please mark it as the accepted solution and give a thumbs up👍.
Thanks,
Anand

0 Helpfuls