access analyzer

mathewirene
Tera Contributor

Hello Everyone,

I recently came across a feature in ServiceNow called Access Analyzer, and I’m exploring the possibility of implementing it in our environment. While I’ve reviewed the basic descriptions available, I’m looking for something more comprehensive and practical.

Could someone please share:

  • A detailed document or guide on how to use Access Analyzer
  • Real‑world examples, best practices, or implementation steps
  • Any reference materials, training content, or internal documentation you’ve found useful

I’m particularly interested in understanding:

  • How to evaluate and compare user access
  • How to troubleshoot ACL or permission issues using this tool
  • How Access Analyzer fits into ITSM workflows like Incident Management or access‑related RCA
  • Any prerequisites, roles, or configuration requirements

If anyone has experience enabling it in their instance or can point me to a thorough resource, that would be extremely helpful.

Thank you in advance for your support!

3 REPLIES

Nilesh Pol
Kilo Sage

Hi @mathewirene,

Detailed Guide and Implementation Steps
Access Analyzer offers three primary functions to evaluate, compare, and simulate access permissions: 
1. Evaluate Access
This feature provides a detailed analysis of a user's, role's, or group's access to a specific resource (table, UI page, script include, or REST endpoint).
  • How to Use:
    1. Navigate to System Security > Access Analyzer > Evaluate Access.
    2. Select the Analyze by option (User, Group, or Role) and the specific identity.
    3. Choose the Rule type (Table, Client callable script include, UI Page, or REST endpoint) and the specific resource.
    4. Click Analyze permissions. The results show a breakdown of operations (read, write, create, delete, etc.) and whether access is passed, blocked, skipped, or undefined.
    5. Click on a specific operation to view the detailed debug logs, including which ACLs were evaluated, the required roles, conditions, and scripts that determined the outcome. 
 
2. Compare Access
This allows you to compare the permissions of two users to identify discrepancies. 
  • How to Use:
    1. Navigate to System Security > Access Analyzer > Compare User Access.
    2. Select two users for comparison and specify the resource you are interested in.
    3. The results highlight differences in roles, groups, and access permissions for the specified resource, making it easy to see what one user can do that the other cannot. 
 
3. Access Simulator
This feature lets you model the impact of adding or removing roles/groups before making actual changes, reducing risk.
  • How to Use:
    1. Navigate to System Security > Access Analyzer > Access Simulator.
    2. Select a user and the potential role or group changes you want to test.
    3. Run the simulation to see a visual map of the resulting role hierarchy and the impact on resource access.
    4. If satisfied with the outcome, you can enable actions to apply the changes (ensure this setting is managed carefully as it is a powerful capability).
 
Real-World Examples and Best Practices
  • Troubleshooting ACL Issues: When a user reports they cannot access a record, use Evaluate Access to instantly determine the blocking ACL rule and the missing role or condition. The debug logs provide a cleaner interface than the traditional ACL debugger.
  • Onboarding New Employees: Use Compare Access to align a new employee's permissions with those of a peer (same job function/department), ensuring consistent and correct access provisioning.
  • Auditing and Compliance: Regularly use the comparison and evaluation tools to ensure adherence to the principle of least privilege, preventing over-provisioning of permissions and aiding in security audits.
  • ITSM Workflows: The tool speeds up the Incident Management process for access-related tickets, and provides data for RCA (Root Cause Analysis) of access issues. The results can be exported for documentation and sharing with support teams. 
 
Prerequisites, Roles, and Configuration
  • Installation/Release: Available as a free app from the ServiceNow Store for instances running the Vancouver release or later. It is included by default from the Washington DC release onward.
  • Required Roles: The AA_admin role is required to access and use Access Analyzer. The admin and security_admin roles are needed to make changes to the underlying ACLs and security policies after an analysis.
  • Configuration: The tool is largely configuration-free, but some advanced features like "Access Insights" can be toggled in the Settings tab. Ensure the "Enable taking actions on Role and Group assignments" setting in the simulator is managed with caution in production environments. 
 
Reference Materials
For official and community resources, refer to:

Please mark as helpful and accept as a solution if you are satisfied with this explanation.

Thank you

Chaitanya ILCR
Mega Patron

Hi @mathewirene ,

 

Check these out

 

https://www.youtube.com/watch?v=1x62ZwWb8Ao

https://www.youtube.com/watch?v=QA8oVK8fAlo

 

Please mark my answer as helpful/correct if it resolves your query.

Regards,
Chaitanya


Ankur Bawiskar
Tera Patron

@mathewirene 

you can check these links

Get the right access, faster: How Access Analyzer helps you work smarter 

ServiceNow Access Analyzer Overview 

[Vancouver Release] Customers gain enhanced access visibility with ServiceNow Access Analyzer 

Everything about Access Analyzer 

💡 If my response helped, please mark it as correct and close the thread 🔒— this helps future readers find the solution faster! 🙏

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader