Restricted caller access to Workflow Studio flows
Track flows and actions that require access to cross-scope resources. Allow or deny flows and actions access to cross-scope resources.
The Restricted Caller Access Privileges table has dedicated source types to identify Workflow Studio calling sources.
- Flow
The system uses the flow source type to track operations run by ServiceNow Core actions. Restricted Caller Access Privileges records allow a flow to perform a specific operation on a specific cross-scope resource. Approving a flow to run an operation allows any other core action within the same flow to perform the same operation on the same cross-scope resource.
For example, suppose you have a flow that runs the Look Up Records action on a cross-scope table. When caller restriction is enabled for the cross-scope table, the Look Up Records action generates a request to perform a read operation. When you allow the flow to perform read-operations on the cross-scope table any other read operations performed by core actions can also run. For example, your flow could run the Look Up Record and Lookup Attachments actions on the same cross-scope table. Suppose you add the Look Up Records action for the same cross-scope table to another flow or subflow. Since this read operation comes from another flow, the core action generates a separate access privilege request for approval. If you configure the Look Up Records action to access another cross-scope table, that too generates a separate access privilege request for approval.
- Flow Action
The system uses the flow action source type to track operations run by custom actions to a specific cross-scope resource. Restricted Caller Access Privileges records allow a custom action to perform a specific operation on a specific cross-scope resource. Approving an action to run an operation allows the custom action to perform the operation on the cross-scope resource in any context.
For example, suppose you create a custom action that runs the Look Up Records step on a cross-scope table. When caller restriction is enabled for the cross-scope table, the Look Up Records step generates a request to perform a read operation. When you allow the custom action to perform read operations on the cross-scope table you can run the custom action from any context. For example, you can add the custom action to multiple flows or call the custom action from a script. As long as the custom action performs the operation on the allowed target cross-scope resource, the system allows the custom action to run. If you configure the custom action to access another cross-scope table, the custom action generates a separate access privilege request for approval.
Upgrade restricted caller access privileges for flows and actions
Allow instances upgraded from San Diego and earlier releases to generate restricted caller access privilege requests for flows and actions.
始める前に
If you enable application administration for the target application, only application administrators of the target application can set access to an application. If application administration is not enabled, an admin user can set access to an application.
このタスクについて
手順
タスクの結果
Flows and actions that attempt to access your restricted application resources generate an access privilege request.
次のタスク
Review and approve access privilege requests from your application record.