Contextual Security: Role Management plugin (instance security hardening)

  • Release version: Washingtondc
  • Updated February 1, 2024

    Activate the Contextual Security: Role Management (com.glide.role_management) plugin to enable contextual security, which secures records and information by controlling create, read, write, and delete operations.

    After the plugin is installed and activated, the dictionary roles (created by the simple security manager) are no longer tested. Instead, the ServiceNow AI Platform looks for ACL rules on fields and tables, and secures the data with those ACL rules rather than the traditional, role-based dictionary rules implemented by the simple security manager. Even if you configure the dictionary form and add roles to a dictionary entry, no change in rights occurs.

    More information

    | Attribute | Description |
    | --- | --- |
    | Plugin ID | com.glide.role_management |
    | Configuration type | System Definition > Plugins |
    | Configure in Instance Security Center | Yes |
    | Purpose | Unlike the simple security manager, the contextual security manager is aware of the system table hierarchy. You can potentially have different security rules for a field based on where in the hierarchy it appears. |
    | Recommended value | Active (Plugin activated by default) |
    | Functional Impact | This remediation enforces functional-level access controls, which lets the application determine access restrictions based on the ACL table alone. |
    | Security risk | (High) Functional-level access controls must be enforced from the server side prior to executing CRUD operations, ensuring the appropriate level of access to instance users. |
    References

    Contextual Security Manager

    To learn more about activating a plugin, see Activate a plugin.
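
The hierarchy awareness described under Purpose, as an added example (not ServiceNow code and not taken from this page): a simplified JavaScript model of field ACL matching that assumes the platform's documented most-specific-first matching order and one read role per rule. The table parents, rules, role assignments and function names are constructed for illustration.

```javascript
// Constructed sample data: a small table hierarchy (child -> parent).
const PARENT = { incident: 'task', problem: 'task', task: null };

// Constructed read ACLs keyed by "table.field"; value is the role required.
const READ_ACLS = new Map([
  ['incident.work_notes', 'itil'],
  ['task.work_notes', 'task_reader'], // hypothetical role name
  ['task.*', 'snc_internal'],
  ['*.*', 'admin'],
]);

// The table followed by each of its ancestors, nearest first.
function ancestry(table) {
  const chain = [];
  for (let t = table; t; t = PARENT[t]) chain.push(t);
  return chain;
}

// Candidate rule names, most specific first (assumed order):
// table.field, parent.field, *.field, table.*, parent.*, *.*
function candidates(table, field) {
  const chain = ancestry(table);
  return [
    ...chain.map((t) => `${t}.${field}`), `*.${field}`,
    ...chain.map((t) => `${t}.*`), '*.*',
  ];
}

// First rule that exists for this field at this point in the hierarchy.
function matchFieldAcl(table, field) {
  const rule = candidates(table, field).find((n) => READ_ACLS.has(n));
  return rule ? { rule, role: READ_ACLS.get(rule) } : null;
}

// dictionaryReadRoles is accepted but deliberately ignored: with contextual
// security active, roles set on the dictionary entry do not change access.
function canRead(userRoles, table, field, dictionaryReadRoles = []) {
  const acl = matchFieldAcl(table, field);
  return acl !== null && userRoles.includes(acl.role);
}
```

The same field resolves to different rules depending on the table it is read through: `work_notes` matches `incident.work_notes` on `incident` but falls back to `task.work_notes` on `problem`.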