Implement access control in Now Assist AI agents
Implement security controls for AI agents and agentic workflows through access control lists (ACLs) and user identities to increase alignment with the access control-based security measures in the agentic system.
Security for AI agents overview
Access controls for agentic AI on the ServiceNow AI Platform comprises two major components: Access control lists (ACLs) and user identities. The interaction between these two components at the agentic workflow, AI agent, and tool levels within the AI Agent Studio influences their overall security and functionality.
Access control lists
The access control lists (ACLs) in Now Assist AI agents determine users who can invoke an agentic workflow or an AI agent. ACLs must be configured individually for each agentic workflow, AI agent, and certain AI agent tools.
The ACLs added to an AI agent and agentic workflow are available in the respective related lists for reference.
User identity
The user identity determines the roles that the AI agent or an agentic workflow operates with and the data it can access depending on the permissions assigned to the .
After configuring the access control lists (ACLs), you must configure the User identity (also called as Run as) using which the AI agent or agentic workflow gets executed. There are two possible user configurations to select from:
- Dynamic user: The logged-in user who invokes the execution of an AI agent or an agentic workflow. Dynamic user is the default user identity, and you can use the dynamic user unless there's a specific need that justifies an AI user.
- AI user: A dedicated user who executes the AI agent or an agentic workflow with assigned roles that remain consistent regardless of who or how the execution is invoked. For example, an AI agent or an agentic workflow may need to be run with elevated privileges that the dynamic user might not have.
- An AI user can be configured as part of user identity and user identities are configured at the agentic workflow and AI agent levels.
- For more information about user identity in an AI agent, refer to Create an AI agent.
- For more information about user identity in an agentic workflow, refer to Create an agentic workflow.
- The ACLs are checked with the actual conversational user, a user who has invoked the agentic workflow or the AI agent. Once the ACL check is complete, the user identities can be applied.
Configure ACLs in AI Agent Studio
- Allow-If: Grants access to data or resources when all the specified conditions in the ACL are met and the ACL doesn't prevent other ACLs from granting access to the same resource even if it doesn't.
- Deny-Unless: Grants access only when the roles meet a specified condition and no other ACLs can override or grant access to that resource.
There are three possible options for ACLs created in AI Agent Studio:
- Any authenticated user: Grants access to any user who is authenticated on the instance, regardless of the role.
- Users with specified roles: The default ACL option that requires you to select the roles to invoke an AI agent or an agentic workflow.
- Public: Grants access to all users, including guests who aren’t signed in.
- To configure an ACL in the AI Agent Studio for an AI agent, see the Create an AI agent guided setup.
- To configure an ACL for an agentic workflow, see the Create an agentic workflow guided setup.
Supervised execution mode for AI agents
You can minimize potential negative impact of an AI agent not executing as expected by configuring AI agents' tools to run in supervised mode. This will ensure human oversight for the tool's actions. You can use the Supervised mode to enhance security for agents with the capability to perform sensitive or critical actions.
You can set the supervised execution mode when creating a tool in the AI agent guided setup. For example, choose Supervised as the Execution mode when adding a catalog item tool. For reference, see Add a catalog item to an AI agent.