Entity Based Access
Summarize
Summary of Entity Based Access
The Entity Based Access (EBA) application allows for controlled, secure access to records based on entities, enhancing data segregation. Following the Yokohama release, EBA replaces broad role-based access with granular permissions tied to geographical locations and specific functions. Administrators can assign users or groups to entities, ensuring that access is limited to only permitted data.
Show less
Key Features
- Granular Control: Detailed access control over various objects within the system.
- Flexible Configuration: Options to restrict access within an entity hierarchy or across groups of entities.
- Bulk Access Updates: Apply access restrictions selectively and gradually for smooth adoption.
- Dynamic Access: Users included in access configurations receive automatic access to records.
Key Outcomes
With EBA, administrators can streamline access management, ensuring that users only interact with the data relevant to their roles while minimizing the risk of data exposure. Automated rules help maintain compliance and reduce manual overhead as records are created or modified.
The Entity Based Access (EBA) application enables you to segregate data on the records that are based on entities. Entity-based access administrators can use this tool to set up secure, controlled access to various objects.
Entity Based Access overview
Before the Yokohama release, user restrictions were based only on their roles within the system without consideration for their geographical locations or specific functions. Access to objects like risks, controls, and issues was broadly managed. For example, a risk manager in North America had access to risk records across all regions, not just their own.
From the Yokohama release onwards, Entity Based Access facilitates object access via entities. You can map entities to specific users or user groups, enabling you with a granular level of access control.
With Entity Based Access, you can segregate data and manage access to help ensure that users can only access permitted data through entity-based access. Your administrators can grant access to an entity’s related records. They can add users or user groups for access. Access can also be granted through entity user fields or entity user group fields, minimizing the risk of unnecessary data exposure.
To use the Entity Based Access configuration, navigate to Entity Based Access Configurations in an instance.
Key features of Entity Based Access
- Detailed control over access to various objects via entities within the system.
- Versatile configuration options. For example, you can configure Entity Based Access within an entity hierarchy to restrict access to the entity and its downstream related records or across a group of entities by using an entity class or entity type. With bulk access update configurations, you can apply access restrictions selectively to scoped records. You can implement access restrictions gradually to help ensure smooth adoption without operational disruptions.
- Access that is provided by including specific user field or user group fields in the entity-based access configuration. Users who are part of the configuration get dynamic access to the records.
Key points to note about Entity Based Access
Entity Based Access restricts access to records to users based on the configuration as shown in the following diagram:
- If User Hierarchy Access or User Group Access is enabled, you can't use Entity Based Access.
- Confidential users can continue to access the confidential records whether they’re or not part of the entity-based access configuration.
- For information about the performance limitations, see KB2069935.
- For information on how to use Entity Based Access on custom tables, see the steps in KB1646304.
- For information about the limitations of Entity Based Access, see https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB2054513.