Exploring Identity and Access Audit

  • Release version: Australia
  • Updated March 12, 2026
  • 1 minute to read

    • Use Identity and Access Audit to understand changes made to users, groups, roles, and ACLs.

    Identity and Access Audit helps to understand the critical information about who has modified what, where and when in user accounts, groups and roles.

    This feature helps identify malicious users, monitor unusual activity within your ServiceNow instance, and maintain compliance by tracking changes to access permissions.

    Identity and Access Audit (Identity Security Audit) is a plugin (com.glide.security.audit), which is auto-installed.

    It can be turned on or off by toggling the glide.identity.security.audit.enabled system property. By default, the property is set true.

    Identity and Access Audit enables you to:

    • View the changes made in the last 30 days to users, groups, role ACL attributes, role memberships, group memberships, and ACL roles.​
    • Track the changes in your ServiceNow instance.
    • Help mitigate potential security and regulatory risks.
    • Demonstrate compliance to auditors across different organizational groups.
    • Demonstrate that the organization is protected against threats caused by limited visibility into user group and role changes.

    User personas in Identity Access and Audit

    There are two different user personas in Identity and Access Audit (identity_access_audit_viewer):

    • role_viewer and group_viewer​: View audit records and configuration.​
    • Security Admin: View the audit trails. Enable or disable auditing for specific tables or fields.

    Audit Tables

    The following tables can be audited using Identity and Access Audit​:

    • Group [sys_user_group]​
    • Role [sys_user_role]​
    • Access Control [sys_security_acl]​
    • User [sys_user]​
    • Group Role [sys_group_has_role]​
    • User Role [sys_user_has_role]​
    • Access Roles [sys_security_acl_role]​
    • Contained Role [sys_user_role_contains]​
    • Group Member [sys_user_grmember]​

    Identity and Access Audit Modules

    Identity and Access Audit's modules include:

    Module Description
    Audit Results Displays audits that occurred in the ServiceNow instance.
    Configure Table & Fields Configure system tables and fields with available fields from Identity and Access Audit.
    Configure Retention Period Configure the retention period for audited data. The maximum period is 30 days.
    User Trails Displays audits of users.
    Group Trails Displays audits of groups.
    Role Trails Displays audits of roles.
    ACL Trails Displays audits of ACLs.