Scope protections for Credentials and Connections

  • 릴리스 버전: Australia
  • 업데이트 날짜 2026년 03월 12일
  • 소요 시간: 3분

    • You can classify certain types of Connection & Credential records as belonging to a scope, and extend scope protections to them. These scope policies protect records you create in a table, and prevent interactions with records that are private to another scope.

    An Application field is available in the Connection [sys_connection] and Discovery Credentials [discovery_credentials] tables for associating these types of records to specific scopes. It is not visible on UI forms in Australia, but you can easily add it to them. To learn more about these record types, and adding the field to their UI forms, see:
    Restricting the use of a Connection & Credentials record to a specific scope is important for managing applications that require enforced security. These applications include HR Service Delivery or Security Operations Connection & Credentials records created in scoped administered applications are not visible to admin users. Associating a Connection & Credentials record to a specific application scope affords the following protections:
    • Applies Access Control List rules (ACLs) to restricted scopes. To learn more about scoped ACLs, see Access control list rules.
      주:
      Some applications using scope administration and enforced security may require additional setup. To learn more, see Manage HR roles
    • Protects records when queried using a script. If you do a query from the Global scope, and the Connection & Credential record is in a protected scope, it doesn't appear in the query, unless given access to it.

    You can customize and grant access to query-restricted records by using Restricted Caller Access. To learn more, see Restricted caller access privilege settings. Scoping restrictions also apply to all children tables of the Connection [sys_connection] and Discovery Credentials [discovery_credentials] tables. Empty fields and other scopes are not restricted.

    주:
    Scope protections are only enabled for specific secured scopes to avoid confusion when setting up new records. If someone makes a connection in their scoped application scope, it doesn't have automatic scope restriction.