As a ServiceNow Platform Owner, restricting access to Platform performance monitoring tools is a fundamental step towards safeguarding sensitive data and maintaining platform integrity. Unrestricted access to these tools can pose a significant security threat, enabling unauthorized individuals to gain insights into the platform's operations, potentially leading to data breaches or malicious activities.
By implementing access controls, we can effectively limit the ability of unauthenticated connections to access performance monitoring pages. This includes restricting access to stats.do, threads.do, thread_pool_stats, and replication.do, which provide detailed performance data. Sensitive data such as server details, threads, and processes executed on the server should never be visible or accessible to the end user without appropriate privileges.
You can restrict access with the following steps in System Properties:
Step 1: Go to System Properties by navigating to "sys_properties.list" from the application navigator.
Step 2: Search for the property glide.security.diag_txns_acl. If it does not exist, add it.
Step 3: Set its value to true.
When the "glide.security.diag_txns_acl" property is set to true, only the administrator account can access the following pages:
- https://<instancename>.servicenow.com/stats.do
- https://<instancename>.servicenow.com/threads.do
- https://<instancename>.servicenow.com/replication.do
- https://<instancename>.servicenow.com/thread_pool_stats.do
Without enabling this setting, it is still possible to access these resources from an unauthenticated connection.
This remediation ensures that only the administrator account can access the application-sensitive data for logging and troubleshooting purposes.
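To confirm the setting took effect on your own instance, the check below (an added example, not code from this post or from ServiceNow) requests the four pages without credentials and also reads the property from a Table API response for sys_properties. It assumes a restricted page answers with a redirect, 401 or 403, so any 200 is flagged for review; the sample JSON and status codes are constructed.

```python
import json
import urllib.error
import urllib.request

PROPERTY = "glide.security.diag_txns_acl"
# The four pages the article lists as restricted by the property.
DIAG_PAGES = ("stats.do", "threads.do", "replication.do", "thread_pool_stats.do")


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # report the 3xx itself instead of following it to a login page


def fetch_status(url, timeout=10):
    """Send one GET with no credentials or cookies and return the HTTP status."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # 3xx, 401, 403 and other error statuses arrive here


def property_enabled(table_api_json):
    """True if a sys_properties Table API response shows PROPERTY set to true."""
    rows = json.loads(table_api_json).get("result", [])
    return any(r.get("name") == PROPERTY
               and str(r.get("value", "")).strip().lower() == "true" for r in rows)


def audit(base_url, fetch=fetch_status):
    """Return {page: status} for diagnostic pages that answer 200 anonymously."""
    findings = {}
    for page in DIAG_PAGES:
        status = fetch(f"{base_url.rstrip('/')}/{page}")
        if status == 200:  # assumption: restricted pages redirect or return 401/403
            findings[page] = status
    return findings


# Constructed sample data, not captured from a real instance.
SAMPLE_PROPERTY_JSON = '{"result": [{"name": "glide.security.diag_txns_acl", "value": "true"}]}'
SAMPLE_STATUSES = {"stats.do": 200, "threads.do": 302,
                   "replication.do": 403, "thread_pool_stats.do": 200}


def sample_fetch(url):
    return SAMPLE_STATUSES[url.rsplit("/", 1)[1]]
```

Call `audit()` with your instance's base URL to run it against the live pages; an empty result means none of the four pages answered 200 to an anonymous request.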
This solution was developed in response to a specific question from one of my clients. After thorough research and experimentation, I discovered this feature in ServiceNow documentation and found it to be exceptionally valuable and useful.
Here is the link for platform privacy & security
#servicenow #platform_privacy #security