Entity Based Access
Summary of Entity Based Access
Entity Based Access (EBA) in ServiceNow enables administrators to implement granular data segregation based on entities, enhancing security by controlling access to records such as risks, controls, and issues. Unlike previous role-based restrictions, EBA allows mapping of users or user groups to specific entities, ensuring that users only access data pertinent to their assigned entities. This capability helps minimize unnecessary data exposure and supports secure governance across different geographical locations or organizational functions.
Key Features
- Granular Access Control: Provides detailed control over access to various objects through entity mappings.
- Flexible Configuration: Supports configuration within entity hierarchies, entity classes, or entity types, enabling restrictions on downstream records or groups of entities.
- Bulk Access Updates: Allows selective, gradual application of access restrictions to large sets of scoped records to avoid operational disruption.
- Dynamic User Access: Access can be granted dynamically through entity user fields or user group fields, automatically adjusting when users or groups change.
- Automated Access Rules: Entity-based record access rules enforce restrictions automatically on new or updated records without manual intervention.
- Access Update Utility: A guided tool simplifies enabling or disabling access restrictions across many records efficiently.
- Deactivation Management: Deactivating EBA configurations automates record-level access reevaluation to streamline administrative processes.
Important Considerations
- EBA cannot be used alongside User Hierarchy Access or User Group Access if those are enabled.
- Confidential users retain access to confidential records regardless of EBA configuration.
- Performance limitations and custom table usage are documented in official KB articles and should be reviewed before implementation.
Practical Application
ServiceNow customers can leverage Entity Based Access to enforce data access segregation aligned with organizational entities, ensuring compliance and reducing risk of data leaks. Administrators can configure EBA through the application installed from the ServiceNow Store and manage access by entity, entity class, or entity type. The solution is especially useful for organizations requiring strict data governance across regions or departments.
The Entity Based Access (EBA) application enables you to segregate record data based on entities. Entity-based access administrators can use this tool to set up secure, controlled access to various objects.
Entity Based Access overview
Before the Yokohama release, user restrictions were based only on their roles within the system without consideration for their geographical locations or specific functions. Access to objects like risks, controls, and issues was broadly managed. For example, a risk manager in North America had access to risk records across all regions, not just their own.
From the Yokohama release onwards, Entity Based Access facilitates object access via entities. You can map entities to specific users or user groups, which gives you a granular level of access control.
With Entity Based Access, you can segregate data and manage access to help ensure that users can only access permitted data through entity-based access. Your administrators can grant access to an entity’s related records. They can add users or user groups for access. Access can also be granted through entity user fields or entity user group fields, minimizing the risk of unnecessary data exposure.
To use the Entity Based Access configuration, navigate to Entity Based Access Configurations in an instance.
Key features of Entity Based Access
- Detailed control over access to various objects via entities within the system.
- Versatile configuration options. For example, you can configure Entity Based Access within an entity hierarchy to restrict access to the entity and its downstream related records or across a group of entities by using an entity class or entity type. With bulk access update configurations, you can apply access restrictions selectively to scoped records. You can implement access restrictions gradually to help ensure smooth adoption without operational disruptions.
- Access that is provided by including specific user field or user group fields in the entity-based access configuration. Users who are part of the configuration get dynamic access to the records.
Key points to note about Entity Based Access
Entity Based Access restricts users' access to records based on the configuration, as shown in the following diagram:
- If User Hierarchy Access or User Group Access is enabled, you can't use Entity Based Access.
- Confidential users can continue to access the confidential records whether or not they're part of the entity-based access configuration.
- For information about the performance limitations, see KB2069935.
- For information on how to use Entity Based Access on custom tables, see the steps in KB1646304.
- For information about the limitations of Entity Based Access, see https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB2054513.
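
The access decision described on this page, sketched as a stand-alone JavaScript model (an added example, not ServiceNow code and not the application's actual evaluation logic). The entity names, users, the `owner` field, and the rule that records outside any active configuration stay unrestricted are assumptions made for illustration.

```javascript
// Conceptual model only: plain JavaScript, no ServiceNow APIs. All names are hypothetical.
const entities = {                       // constructed entity hierarchy (child -> parent)
  global: { parent: null, owner: 'gina' },
  na:     { parent: 'global', owner: 'nora' },
  us:     { parent: 'na', owner: 'uma' },
  emea:   { parent: 'global', owner: 'emil' },
};
const groups = { na_risk_team: ['rick'] };   // constructed user group membership

// One configuration per entity: explicit users, user groups, and entity user fields
// whose current value gets dynamic access. It covers the entity and its downstream entities.
const configs = [
  { entity: 'na', users: ['ana'], groups: ['na_risk_team'], userFields: ['owner'], active: true },
];

// Walk from the record's entity up to the root: [entity, parent, grandparent, ...].
function ancestry(entityId) {
  const chain = [];
  const seen = new Set();                // guards against a cyclic parent reference
  for (let id = entityId; id && entities[id] && !seen.has(id); id = entities[id].parent) {
    seen.add(id);
    chain.push(id);
  }
  return chain;
}

function canAccess(user, record) {
  // From the page: confidential users keep access to confidential records
  // whether or not they are part of the configuration. Only that override is modelled.
  if (record.confidential && user.confidentialUser) return true;
  const chain = ancestry(record.entity);
  const applicable = configs.filter(c => c.active && chain.includes(c.entity));
  // Assumption: a record not covered by any active configuration is not restricted here.
  if (applicable.length === 0) return true;
  return applicable.some(c =>
    c.users.includes(user.name) ||
    c.groups.some(g => (groups[g] || []).includes(user.name)) ||
    c.userFields.some(f => entities[c.entity][f] === user.name));   // dynamic field lookup
}

// Constructed records: a US risk sits downstream of the 'na' configuration.
const usRisk = { entity: 'us', confidential: false };
console.log(canAccess({ name: 'rick' }, usRisk));   // granted through the user group
console.log(canAccess({ name: 'emil' }, usRisk));   // EMEA owner is not mapped to 'na'
```

Because the user field is read at decision time, reassigning `entities.na.owner` changes who has access without touching the configuration, which mirrors the dynamic access the page describes.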