ITSM Enhanced Security Features for Change Management

  • Release version: Australia
  • Updated March 12, 2026
  • 1 minute to read

    • Help prevent unauthorized access to change-related tables using deny-unless ACLs. A deny-unless authentication ACL restricts access for a non-authenticated user.

    The enhanced security model implements deny-unless ACLs to restrict access for a non-authenticated user, such as a public role user. Without access, the user can't perform any actions on change-related tables, including reading, writing, deleting, or creating. This ensures that only authorized or approved user roles can access the change tables. For more information on deny-unless ACLs, see Deny-Unless ACL.

    This model is applicable on the following change-related tables after installing the ITSM Enhanced Security Features (com.snc.itsm.enhanced_security) plugin:
    Table Description
    Change request

    [change_request]

    		 The change request table is extended from the Task [task] table. It inherits all the fields, rules, and policies from the Task table.
    Change task

    [change_task]

    		 The change task table is a child of the task [task] table and inherits all the change request task details.
    Note:
    For new or zboot instances, the ITSM Enhanced Security Features (com.snc.itsm.enhanced_security) plugin is automatically installed.

    The ITSM Enhanced Security Features (com.snc.itsm.enhanced_security) plugin can be installed and activated by an admin via a support request. Existing or upgrade users must test and evaluate the results in their non-production instance and then install the plugin and implement the security change in their production instance. For more information, see Activate ITSM Enhanced Security Features for Change Management.