Access control (instance security hardening)
Access controls determine whether access to a particular resource should be granted or denied. It only allows access to resources to those users permitted to use them.
Authorization is not equivalent to authentication, as these terms and their definitions are
frequently confused.
- Authentication is providing and validating identity.
- Authorization includes execution rules that determine what functionality and data the user (or principal) can access, ensuring the proper allocation of access rights after authentication is successful.
Authorization is a process that comes after a successful authentication. You can configure security properties that designate if, after determining that a user holds valid credentials associated with a well-defined set of roles and privileges, resource authorization occurs.
The following are some security controls that an administrator can configure to restrict
unauthorized access to sensitive entities within the ServiceNow AI Platform.