Disclaimer – This article is part of a series exploring the new features and capabilities introduced in the Zurich release. Since we’re still in the Early Availability (EA) phase, things may change before General Availability (GA). After GA, these articles will be reviewed and updated as needed. Also, this message will be removed.
As AI becomes more and more integrated into the ServiceNow AI Platform you also need to store more data on the platform to feed it your AI Agents to fully leverage the advantages of this technology. With this development it is even more important that also the security improves and that the configuration of the security gets easier to prevent any misconfiguration.
That’s why it’s no surprise that ServiceNow continues to invest heavily in security, rolling out new features with every release. We’ve already seen a host of new ACL types and features in recent releases, and the Zurich release keeps that momentum going. One of the new additions is Datatype ACLs.
What are Datatype ACLs?
With datatype ACLs, you can control access to data based on the field type, regardless of which table the field belongs to. This opens up entirely new ways to meet regulatory requirements and fine-tune your data governance strategy.
When combined with the deny-unless feature introduced in the Xanadu release, you have a powerful tool to level up your security.
How to create a Datatype ACL?
The syntax is simple:
*.[datatype]
For datatype you can choose any type listed in the table sys_glide_object.
If you can’t write to the name field in the ACL directly, just click the “Change mode” icon next to the name.
That will switch the field to a text input so you can enter your datatype ACL directly.
One of the first use cases that probably comes to mind is restricting access to scripting fields. The good news is you don’t have to build that. ServiceNow already provides a solution in the Zurich release called the Scripting Governance Tool.
In fact, if you've already upgraded to Zurich, you may have noticed some datatype ACLs were automatically added. These come bundled with the Scripting Governance Tool.
If you want to know more about the Scripting Governance Tool check out my article: Scripting Governance Tool
You can see all datatype ACLs by searching for:
*.[
When planning your datatype ACLs there are some limitations you need to keep in mind.
Datatype ACLs can’t be created for a specific table. If you try to create a datatype ACL for a table, you will receive the following error message:
Maybe this is something we’ll see in the future since the error message specifically says it’s not possible with the Zurich release. Who knows what might come next?
Another thing to keep in mind, you can’t create datatype ACLs within a scoped application. If you try, you’ll see the following error message:
If you think about it, this actually makes perfect sense because datatype ACLs are applied globally to all tables, not just to the ones within your application.
