Features of enhanced security model adoption for incident tables

  • Release version: Australia
  • Updated March 12, 2026
  • 1 minute to read

    • Help prevent unauthorized access to incident-related tables using Deny-Unless ACLs. A Deny-Unless authentication ACL restricts access for a non-authenticated user.

    The enhanced security model implements Deny-Unless ACLs to restrict access for a non-authenticated user, such as a public role user. Without access, the user can't perform any actions on incident-related tables, including reading, writing, deleting, creating, or accessing the report view. This ensures that only authorized or approved user roles can access the incident tables. For more information on Deny-Unless ACLs, see Deny-Unless ACL.

    This model is activated by default and applicable on the following incident-related tables:
    Tables Description
    Incident KCS Article

    [kb_template_incident_kcs_article]

    		 The table is used to store knowledge articles created from the Incident KCS template.
    Incident KCS Template

    [kb_template_incident_kcs_template]

    		 The table is used to store knowledge templates created from the Incident KCS template.
    This model is applicable on the following incident-related tables after installing the ITSM Enhanced Security Features (com.snc.itsm.enhanced_security) plugin:
    Table Description
    Incident

    [incident]

    		 The Incident table is extended from the Task [task] table. It inherits all the fields, rules, and policies from the Task table.
    Incident task

    [incident_task]

    		 The incident task [incident_task] table is a child of the task [task] table and inherits all the incident task details.
    Task CI

    [task_ci]

    		 The Task CI [task_ci] table is extended from the Task [task] table and contains all the affected CI details.
    Task outage

    [task_outage]

    		 The Task-Outage table [task_outage] maintains the mapping between the Task [task] table and the Outage [cmdb_ci_outage] table.
    Note:
    For new or zboot instances, the ITSM Enhanced Security Features (com.snc.itsm.enhanced_security) plugin is auto installed.

    The ITSM Enhanced Security Features (com.snc.itsm.enhanced_security) plugin can be installed and activated by an admin via a support request. Existing or upgrade users must test and evaluate the results in their non-production instance and then install the plugin and implement the security change in their production instance. For more information, see Activate ITSM Enhanced Security Features for Incident Management.