Data access & protection best practices (ACLs vs before query BRs vs Data filtration)
‎10-17-2023 11:07 AM
Hi All - I'm just noticing the new-to-Vancouver feature in the ACLs called "Security Attribute Condition" which seems to be a GUI way to implement advanced scripts which seems to look at certain attributes of the person/record/object trying to access the data being evaluated by the AC.
I can now see several ways to secure and protect sensitive data in ServiceNow and I'm looking for some advice or best practice suggestions of when to use which and how...we've also got before-query business rules and data filtration.
It seems like many of these methods are equivalent-to and/or redundant-of each other...and I would suspect that lacking a data protection strategy within your organization could result in a difficult situation, when troubleshooting data access issues.
I am trying to suggest to the business leaders that we develop and implement a data protection strategy to guide developers and fellow admins on which method to use and when...but I'm having a hard time coming up with ServiceNow-backed/described use cases for each method, as a starting point.
The best I could find so far is an on-demand learning course for ACs...so, here I am - asking my fellow SysAdmins for their input!
Can anyone provide me with some tips for developing a strategy like this -- or for generating buy-in, related to this topic?
Also, if anyone has opinions on which data access/protection method(s) they like best and use in their respective organization(s), I welcome it, just as Scott Stapp would! Specifically, I can identify the methods listed below and have a basic understanding of when to use each...but looking for more than my basic understanding, if possible!
- AC with "Requires Role" (very specific)
- AC with "Security Attribute Condition" (evaluates based on where/how/who is accessing)
- AC with "Data Condition" (evaluates based on data being accessed)
- AC with "Advanced Script" (can do any of the above and more - such as glide record, etc)
- Before-query Business Rule (seems to be a method which could be used before the Data Filtration feature was released)
- Data Filtration feature (Exploring Data filtration (servicenow.com))
‎07-02-2024 06:43 AM
Thanks for raising this topic. I'm also interested in it.
Hope that you'll get an answer.