How can I hide sensitive data, that is stored in variables, with an ACL?

Go to solution
Casey23
Tera Guru

‎10-06-2022 12:43 PM

We are creating some new catalog items for HR and Payroll. I started with HR and have the catalog item completed, but now I need to hide the data from non-HR users. I created a read ACL as you can see in the attached image. To me it seems like it's setup correctly, but it's not working. If I impersonate an ITIL user, that user is able to see all of the variables and their values. I have confirmed that the ITIL user doesn't have the admin or Human Resources role that I'm using in the ACL. Any ideas what I might be doing wrong here? TIA

 

PS - The condition that was cut off at the bottom is just looking for the name of the item and is returning the correct number of matching records.

 

acl.png

0 Helpfuls
  • 1,600 Views
1 ACCEPTED SOLUTION

Go to solution
Mike_R
Kilo Patron
Kilo Patron

‎10-06-2022 07:37 PM

Go to the configuration for the variable, and in the permissions tab you can apply which roles can read, write, create.

Example

Mike266_0-1665110222313.jpeg

 

 

Mike
* My Collection of ServiceNow Stuff *

View solution in original post

5 REPLIES 5

Go to solution
Casey23
Tera Guru
In response to Brannon B_

‎12-13-2022 09:24 AM

If you are referring to the solution that was chosen, it should be working as long as the logged in user has the role that you used to restrict the variables. Remember they may need to log out and back in if they haven't done that since the roles were applied. 

 

In regard to ACLs, as Mike suggested, those are best used if you are planning to hide entire record. I also confirmed with support that ACLs cannot be used to hide variables on the back end, but keep them visible in the portal. This is not supported functionality.

0 Helpfuls