Configuring confidential inheritance in your tables

  • Release version: Zurich
  • Updated March 12, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Configuring confidential inheritance in your tables

    This feature in the Zurich release of the GRC application enables ServiceNow customers to configure confidentiality inheritance between related tables. When a parent record is marked or unmarked as confidential, its related child records automatically inherit or lose the confidentiality status accordingly. This helps maintain consistent confidentiality settings across related records without manual updates.

    Show full answer Show less

    Key Features

    • Automatic Inheritance: When a parent record such as an issue is marked confidential, all related records like remediation tasks are also marked confidential.
    • Allowed Users and Groups Propagation: The allowed users and groups from the parent record are automatically appended to the related child records based on their confidentiality configuration.
    • Unmarking Confidentiality: When unmarking confidentiality on a parent record, a dialog prompts whether to unmark only the parent or include all related downstream records, allowing flexible control.
    • Inheritance Configuration Dependency: Confidentiality inheritance requires an existing inheritance configuration between the parent and child tables.

    Important Considerations

    • Inheritance occurs only at the moment the parent record is marked confidential. If related records are added later, they do not automatically inherit confidentiality.
    • Changes made to allowed users and groups on the parent after marking confidentiality do not propagate to related records if inheritance was not passed initially.

    Practical Impact for ServiceNow Customers

    By configuring confidentiality inheritance, customers can ensure that sensitive information is consistently protected across related records, simplifying governance and compliance. The feature reduces manual overhead in maintaining confidentiality settings and provides control over propagation when unmarking confidentiality.

    You can set up confidentiality inheritance in the tables that are already configured in the confidentiality configuration module. In the GRC application, whenever a parent record is marked or unmarked as confidential, its related table records are also marked or unmarked as confidential.

    When you mark an issue as confidential, a related remediation task is automatically marked as confidential. For example, let's look at issue A. Issue A has the remediation tasks P, Q, and R. If issue A is marked as confidential, the remediation tasks P, Q, and R are also marked as confidential. The allowed users and groups are automatically appended based on the remediation task's confidentiality configuration record. Issue A's allowed users and groups are automatically appended to the inherited records P, Q, and R.

    When an issue's confidentiality is unmarked, the corresponding confidentiality of a remediation task is also unmarked. Let's look at issue A again. Remember that issue A has the remediation tasks P, Q, and R. If the confidentiality is unmarked for issue A, then a dialog box appears with a question about whether it's okay to unmark the confidentiality for all the related tasks P, Q, and R or only for issue A. Based on what the selection is in the following example, the related records are unmarked as confidential.

    Figure 1. Unmark confidentiality
    Unmark confidentiality.

    As shown in the example dialog box, if Include downstream records was selected, then the confidentiality is unmarked for all the downstream records. If Only this record was selected, the confidentiality is unmarked for that single record only.

    If you have access to the related confidential records and remove the confidentiality for a parent record, then the related records are also non-confidential.
    Note:
    An inheritance configuration should exist between the parent and inherited tables.

    Examples of confidentiality inheritance

    Inheritance works only at the point of marking a parent record as confidential. Let's look at the following two examples:

    1. When a parent record is marked as confidential, the related non-confidential records are also marked as confidential due to the inherited configuration. But, if a related record is added later, it isn’t automatically marked as confidential.
    2. Whenever confidentiality is marked on a parent record and the inheritance isn’t passed to the related records, the changes that are made later to the allowed users and groups of the parent record are not inherited in the related records.

    For more information about the confidentiality inheritance configuration, see KB1213404 You must log in to the Now Support to view the Knowledge Base articles.