Custom Now Assist Skill not executing after adding custom role in Security Controls (Zurich)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
an hour ago
Hi Everyone,
I am working on ServiceNow Zurich using Now Assist Skills in AI Agent Studio.
I created a custom Now Assist Skill for Security Incident Correlation because the out-of-the-box skill does not meet my use case. The custom skill works as expected and returns the expected results.
However, I have a new requirement from the client. They want certain confidential fields to be visible only when the logged-in user belongs to a specific custom role or custom group.
To achieve this, I added the custom role under the Security Controls section of the skill. After doing so, the skill no longer executes. However, if I assign the sn_si.read role in the Security Controls, the skill executes successfully.
The fields that need to be displayed are not limited to the Security Incident table. They are also retrieved from related tables such as:
Incident
Vulnerable Item
Problem
Change Request
I'm trying to understand whether the issue is related to cross-table access, ACL evaluation, or how Security Controls are enforced for custom skills.
I have a few questions:
Does the role configured in the Security Controls section need read access to every table and field referenced by the skill?
Are there any additional ACLs or Now Assist-specific permissions required for custom roles when using AI Agent Studio skills?
Is there a recommended approach for restricting confidential fields based on user roles or groups without relying on field masking or using a Script Tool after prompt execution?
Has anyone implemented a similar requirement or faced this issue? Any suggestions, best practices, or documentation would be greatly appreciated.
Thank you
Yamsani Bhavani
ServiceNow Developer - SecOps, IRM, NowAssist, Custom Applications