Configuring confidential inheritance in your tables

  • Release version: Washingtondc
  • Updated February 1, 2024
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Configuring Confidential Inheritance in Your Tables

    Confidential inheritance allows you to manage the confidentiality status of related records in your tables within the GRC application. When a parent record is marked or unmarked as confidential, its associated records reflect this change automatically, ensuring consistent data confidentiality management across related tasks.

    Show full answer Show less

    Key Features

    • Automatic Marking: When a parent record is marked as confidential, all related records, such as remediation tasks, are also marked confidential.
    • Automatic User and Group Inheritance: The allowed users and groups for the parent record are automatically applied to related records.
    • Unmarking Confidentiality: When confidentiality is unmarked for a parent record, a dialog prompts whether to unmark it for all related records or just the parent.
    • Controlled Inheritance: New related records added after the initial marking of confidentiality will not automatically inherit the confidential status.

    Key Outcomes

    By implementing confidentiality inheritance, ServiceNow customers can ensure that confidentiality settings are uniformly applied across related records, improving data security management. Users can easily manage the confidentiality of parent and related records while maintaining control over user access and ensuring compliance with confidentiality requirements.

    You can set up confidentiality inheritance in the tables that are already configured in the confidentiality configuration module. In the GRC application, whenever a parent record is marked or unmarked as confidential, its related table records are also marked or unmarked as confidential.

    When you mark an issue as confidential, a related remediation task is automatically marked as confidential. For example, let's look at issue A. Issue A has the remediation tasks P, Q, and R. If issue A is marked as confidential, the remediation tasks P, Q, and R are also marked as confidential. The allowed users and groups are automatically appended based on the remediation task's confidentiality configuration record. Issue A's allowed users and groups are automatically appended to the inherited records P, Q, and R.

    When an issue's confidentiality is unmarked, the corresponding confidentiality of a remediation task is also unmarked. Let's look at issue A again. Remember that issue A has the remediation tasks P, Q, and R. If the confidentiality is unmarked for issue A, then a dialog box appears with a question about whether it's okay to unmark the confidentiality for all the related tasks P, Q, and R or only for issue A. Based on what the selection is in the following example, the related records are unmarked as confidential.

    Figure 1. Unmark confidentiality
    Unmark confidentiality.

    As shown in the example dialog box, if Include downstream records was selected, then the confidentiality is unmarked for all the downstream records. If Only this record was selected, the confidentiality is unmarked for that single record only.

    If you have access to the related confidential records and remove the confidentiality for a parent record, then the related records are also non-confidential.
    Note:
    An inheritance configuration should exist between the parent and inherited tables.

    Examples of confidentiality inheritance

    Inheritance works only at the point of marking a parent record as confidential. Let's look at the following two examples:

    1. When a parent record is marked as confidential, the related non-confidential records are also marked as confidential due to the inherited configuration. But, if a related record is added later, it isn’t automatically marked as confidential.
    2. Whenever confidentiality is marked on a parent record and the inheritance isn’t passed to the related records, the changes that are made later to the allowed users and groups of the parent record are not inherited in the related records.

    For more information about the confidentiality inheritance configuration, see KB1213404 You must log in to the Now Support to view the Knowledge Base articles.