Restricted caller access privilege settings
Summary of Restricted Caller Access Privilege Settings
Restricted caller access privilege settings in the ServiceNow AI Platform enable you to manage and control cross-scope access to applications and their resources. This includes defining permissions for access controls, business rules, UI actions, and scripts. The system automatically tracks requests for access through sys_restricted_caller_access records when restrictions are applied or cross-scope scripts attempt to access resources.
Key Features
- Tracking Access Requests: Monitor cross-scope requests to determine which applications need access to resources in other scopes.
- Approval and Denial: Manage access by approving or denying requests for application resources or events.
- Privilege Combinations: Define various combinations of privilege settings to manage access relationships, including scope-to-scope and source-to-target settings.
- Activation Methods: Activate restricted caller access via plugin activation, specific application requests, or through system property settings for Flow Designer.
Key Outcomes
By leveraging restricted caller access privilege settings, you can ensure that your applications have the necessary permissions to access the correct scopes while preventing unauthorized access. This capability enhances security and enables better management of application resources across the ServiceNow AI Platform.
Define cross-scope access to an application, application resource (such as an access control role, a business rule, a UI action, or a script include), or event. You can even use these settings to allow or deny requests for access.
Restricted caller access privilege settings overview
Restricted caller access [sys_restricted_caller_access] records track cross-scope applications or scripts that request access to an application, application resource, or event in the ServiceNow AI Platform. The ServiceNow AI Platform creates sys_restricted_caller_access records when one of these actions occurs:
- Caller access is set to Caller Restriction or Caller Tracking.
- A cross-scope script attempts to access an application resource or event.
  Note: A system scope to target scope is an example of a cross-scope.
You can use these records to do these tasks:
- Track cross-scope requests for access to an application resource. You can use access requests to determine which applications need access to resources and data from other application scopes.
- Approve or deny any cross-scope requests for access to application resources or events. For example, you can create a Restricted Caller Access record to allow access for all scope-to-scope requests.
For more information, see Requested restricted caller access (RCA).
Restricted caller access privilege setting combinations
- Scope: All application resources in a selected source or target scope. To learn more about application scopes, see Application scope.
- Source: A specific application resource in a selected source scope.
- Target: A specific application resource in a selected target scope.
- Scope-to-scope
- Scope-to-target
- Source-to-scope
- Source-to-target
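The four combinations differ in how much they grant, which matters when reviewing approved records. The following added example (not ServiceNow code) labels constructed records with their combination, lists approved records that cover a whole scope, and flags approved records that overlap a denied one. The field names, status values, and scope names are assumptions, not the real sys_restricted_caller_access columns.

```javascript
'use strict';
// Constructed sample rows. Field names and values are hypothetical, not the
// real sys_restricted_caller_access columns; resource null = the whole scope.
const row = (sScope, sRes, tScope, tRes, status) =>
  ({ source: { scope: sScope, resource: sRes }, target: { scope: tScope, resource: tRes }, status });
const SAMPLE = [
  row('x_acme_portal', null, 'x_acme_hr', null, 'allowed'),
  row('x_acme_portal', 'CaseHelper', 'x_acme_hr', 'HRUtil', 'allowed'),
  row('x_acme_portal', 'LegacySync', 'x_acme_hr', 'HRUtil', 'denied'),
  row('x_acme_portal', null, 'x_acme_sir', 'IncidentApi', 'requested'),
  row('x_acme_reports', 'Export', 'x_acme_hr', null, 'allowed'),
];

// Name the combination: a whole-scope side is "scope", a specific resource
// is "source" or "target".
function combination(rec) {
  const from = rec.source.resource === null ? 'scope' : 'source';
  const to = rec.target.resource === null ? 'scope' : 'target';
  return `${from}-to-${to}`;
}

// Number of whole-scope sides (0..2); higher means a broader grant.
const breadth = (rec) =>
  (rec.source.resource === null ? 1 : 0) + (rec.target.resource === null ? 1 : 0);

// True when `broad` matches every caller/resource pair that `narrow` matches.
function covers(broad, narrow) {
  const side = (b, n) => b.scope === n.scope && (b.resource === null || b.resource === n.resource);
  return side(broad.source, narrow.source) && side(broad.target, narrow.target);
}

// Indexes of allowed records that cover a whole scope, broadest first.
function broadAllows(records) {
  return records.map((rec, i) => ({ rec, i }))
    .filter(({ rec }) => rec.status === 'allowed' && breadth(rec) > 0)
    .sort((a, b) => breadth(b.rec) - breadth(a.rec) || a.i - b.i)
    .map(({ i }) => i);
}

// [allowIndex, denyIndex] pairs where an allowed record covers a denied one.
// These are only flagged for review; which record wins is not modelled here.
function allowDenyOverlaps(records) {
  const pairs = [];
  records.forEach((a, i) => records.forEach((d, j) => {
    if (i !== j && a.status === 'allowed' && d.status === 'denied' && covers(a, d)) pairs.push([i, j]);
  }));
  return pairs;
}
```

On the sample rows, the scope-to-scope approval is listed first and is also flagged because it overlaps the denied LegacySync record.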
Activating application restricted caller access
You can activate application restricted caller access through one of the following methods:
- Activate the Scoped Application Restricted Caller Access plugin (com.glide.scope.access.restricted_caller).
- Request the HR Service Delivery or Security Incident Response applications. By default, restricted caller access is active in these applications.
- Enable the Restricted Caller Access system property for Flow Designer.
For more information, see: Activate application restricted caller access.