Flow Designer – How to allow execution visibility without exposing data from underlying applications

test10
Tera Contributor

Tuesday

Hi everyone,

I’m trying to design a secure access model for Flow Designer execution visibility in production, and I want to avoid exposing sensitive data from underlying applications.

Requirement

We need certain users (e.g., support teams, app owners) to:

  • View Flow execution history
  • See status (success/failure), timestamps, and duration
  • Perform basic troubleshooting

But we do NOT want them to:

  • Modify or execute flows
  • Gain visibility into sensitive data stored in other applications/tables that flows interact with

 

I already tried below roles . They have access to go into flow designer, however they are not able to click into flow execution. I'm getting error message that use don't the the appropriate permission. 

Out-of-the-box roles like:

  • flow_operator (view execution details)
  • fd_read / fd_read_operations (read-only Flow Designer access)
0 Helpfuls
  • 488 Views
6 REPLIES 6

Tanushree Maiti
Tera Patron

Tuesday

Hi @test10 

 

You can give fd_read,  flow_report_viewer role to user and check.

 

Refer KB: KB2911488 Flow Designer — Read-Only Users Cannot View Flow Execution Contexts Due to Encryption Cont... 

 

 

Please Accept the solution if it assisted you with your question & Mark this response as Helpful.
Regards
Tanushree Maiti
ServiceNow Technical Architect
LinkedIn: https://www.linkedin.com/in/tanushreemaiti
0 Helpfuls

Tanushree Maiti
Tera Patron
In response to Tanushree Maiti

Tuesday

Also check : User access to Flow Designer 

 

Please Accept the solution if it assisted you with your question & Mark this response as Helpful.
Regards
Tanushree Maiti
ServiceNow Technical Architect
LinkedIn: https://www.linkedin.com/in/tanushreemaiti
0 Helpfuls

test10
Tera Contributor
In response to Tanushree Maiti

Tuesday

I already gave myself those roles and I'm seeing this error message when I click on the actual flow execution. 

Preview file
14 KB
0 Helpfuls

Ankur Bawiskar
Tera Patron

Tuesday

@test10 

flow execution might contain sensitive data such as PII if you are sending to 3rd party or credentials used for integrations

You can use encryption but I think it has limitations when it comes to flow logs etc where we see this information

better to raise a case with ServiceNow for this

💡 If my response helped, please mark it as correct and close the thread 🔒— this helps future readers find the solution faster! 🙏

Regards,
Ankur
Certified Technical Architect  ||  10x ServiceNow MVP  ||  ServiceNow Community Leader
0 Helpfuls