Exploring Access Analyzer

  • Release version: Washingtondc
  • Updated February 1, 2024
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Exploring Access Analyzer

    The ServiceNow Access Analyzer is an application designed for administrators to analyze user permissions for specific users, roles, or groups within the ServiceNow instance. It operates by impersonating identity records to retrieve permission details without accessing or storing personal data. Note that Access Analyzer is available as a product in the ServiceNow Store.

    Show full answer Show less

    Key Features

    • Evaluate Access: This feature allows administrators to view and analyze permissions for tables, client callable scripts, UI pages, and REST endpoints.
    • Compare Access: This capability enables administrators to compare user access levels, identify the correct access for users, and analyze user records and access controls.
    • Reporting: Generate reports to understand user access and prevent over-provisioning permissions, aiming for least privilege access in compliance with security principles.

    Key Outcomes

    • Improved security posture and identity governance.
    • Enhanced risk management through understanding access levels.
    • Determination of appropriate access levels for users within the ServiceNow instance.
    • Assistance in achieving compliance goals by limiting access to critical resources.

    Analyze identities on the ServiceNow® instance.

    ServiceNow Access Analyzer is an application that helps the administrators to view permissions for the selected user, role, or group.

    Note:
    • Access Analyzer is a ServiceNow Store product. Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store.
    • Access Analyzer impersonates the identity record to retrieve details about the permissions and doesn’t read or store any personal or sensitive data of the identity.
    • Access Analyzer evaluation results are the same irrespective of any access policies defined for the users such as Zero trust access (ZTA). The policies are only evaluated during the actual user login and aren’t evaluated during the access analyzer flow.
    • Access Analyzer has limitations in accurately evaluating access of the resources related to managed scope resources and delegated developer.

    Evaluate Access

    Evaluate Access is a capability of the ServiceNow Access Analyzer, which helps the administrators to view permissions for the selected user, role, or group.

    It enables you to analyze and view the permissions of users, groups, roles for a table, client callable script includes, UI pages, and REST endpoints.

    Using Access Analyzer, organizations can improve their security posture, identity governance, risk management, achieve their compliance goals, and understand who (identity) has access to what (resources).

    Compare Access

    Compare Access is a capability of the ServiceNow Access Analyzer V2, which enables administrators to compare user access and determine the right level of access for the users on your ServiceNow instance.

    Compare Access can be perform between the users for the user records and access control.

    Compare Access enables you to perform the following analysis:

    • Level 1: Compare user records to understand the attributes, roles, and groups.
    • Level 2: Compare access controls to run the root cause analysis by finding access issues.

    Benefits

    The following are some of the benefits of using the Access Analyzer:

    • Analyze access to resources (tables).
    • Compare the access of 2 users.
    • Compare the roles and groups of 2 users.
    • Generate a report showing whether an identity has access to a resource (table).
    • Understand who has access for critical security hygiene.
    • Help to prevent from over-provisioning permissions.
    • Achieve the least privilege principals when implementing access controls.
    • Limit access to certain data, which includes applications, tables, rows or columns, and other resources.
    • Provide reporting capabilities for the analyzer results.
    • Compare access between user records and access controls.
    • Determine the right level of access for users on your ServiceNow instance.