Content filtering for Workflow Studio flows

  • Release version: Xanadu
  • Updated August 1, 2024
  • 5 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Content filtering for Workflow Studio flows

    Content filtering in Workflow Studio allows ServiceNow customers to control user access to specific flow content based on user roles. This ensures users see only relevant, necessary, and non-sensitive content when designing or interacting with flows. By defining which Workflow Studio resources are accessible to whom, organizations can streamline flow creation and maintain security and compliance.

    Show full answer Show less

    Key Features

    • Content Definitions: Define types of Workflow Studio flow resources (e.g., triggers, actions, subflows) that users can access. These definitions can be broad (entire resource types) or refined with conditions and tags to include only specific subsets of resources.
    • Content Filtering Rules: Link user roles to content definitions, specifying which roles can access which content. These rules dynamically control visibility and access within Workflow Studio based on the user's role.
    • Feature Access Filtering: Control access not just to content but also to Workflow Studio UI elements and sections. This can be managed via content definitions and filtering rules or through a simplified UI for UI elements.
    • Read-Only Flows: If a flow contains content restricted to a user, the entire flow becomes read-only for that user. They can run the flow but cannot modify or copy it, preserving integrity when restricted content is present.

    Access Behavior and Outcomes

    • When users have the required role, they can see, select, copy, and modify flows, triggers, subflows, actions, steps, and UI elements.
    • If users lack the role, associated content is hidden during design, and any flows containing restricted content become read-only and cannot be copied or modified.
    • Execution details visibility for flows and subflows also depends on role-based filtering.
    • Transform functions have special handling: if hidden, they become read-only but can still be copied and modified within flows.
    • UI elements or sections excluded from access are hidden, but flows including them may still be copied and modified if access rules permit.

    Configuration Guidance

    • Create and refine content definitions to specify precisely which Workflow Studio resources are subject to filtering, using conditions and tags to tailor access.
    • Set up content filtering rules by associating user roles with these content definitions, thereby controlling what each user role can access within Workflow Studio.

    This content filtering framework helps ServiceNow customers enforce role-based access control in Workflow Studio, ensuring users engage only with appropriate flow content and features, enhancing security, usability, and governance.

    Specify which content a user can access based on the user's role.

    Display only content that is relevant for a particular user, hiding content that is unnecessary or sensitive. Specify the Workflow Studio flow content that you want to control access to and the role that a user must have to access it. For example, if a user with the hr_manager role in human resources is creating a flow, show only the set of actions and subflows that are relevant to HR cases.

    Content filtering uses:
    • Content definitions to specify types of content.
    • Content filtering rules to determine who can access the content.
    Workflow Studio includes several default definitions and filtering rules. Set up content filtering by modifying pre-existing rules or creating your own.

    Content definitions

    Content definitions specify a type of Workflow Studio flow resource. Resources are the key components of Workflow Studio flows, such as triggers, actions, and subflows. Create definitions to include an entire resource, or refine your definitions through conditions. For example, you can create a definition that includes all flow triggers, or you can use conditions to include only triggers with a category of date.

    You can further refine content definitions through tagging. Add tags to items in a resource list, then design your content definition to only include resources with that tag.

    Content filtering rules

    Content filtering rules specify the role that a user must have to access the content in a particular definition. Each rule associates a single user role with a single content definition. When a user accesses Workflow Studio flows, content filtering rules determine what content the user may access based on the user's role.

    Feature access

    You can also filter access to Workflow Studio flow features. Features are UI elements and sections. Access to both elements and sections can be managed by configuring content definitions and filtering rules. However, access to UI elements can also be managed through a simplified UI. For more information, see Manage access to Workflow Studio flow features.

    Read-only flows

    Users may be able to view a flow, subflow, or action containing content that they can't normally access. For example, a flow that's visible to a user might include an action the user wouldn't usually be able to view. When a flow contains restricted content, the entire flow becomes read-only. Users can run the flow but can't modify or copy it.

    The creation of read-only flows doesn't apply to feature filtering. If a user doesn't have access to a feature, the feature doesn't render for that user. It doesn't affect the ability to copy or modify a flow. If a user doesn't have access to transform functions and uses a flow that already has a transform function applied, the transform function is read-only. The rest of the flow can still be copied and modified.

    Access summary

    Resource filtered User has role User does not have role
    Flow
    • The flow is visible to select during design.
    • The flow can be copied.
    • The flow can be modified.
    • The flow is hidden and cannot be selected during design. For example, the flow is hidden when creating a Playbooks activity definition.
    • The flow cannot be copied.
    • The flow is read-only.
    Flow execution details The flow execution details are visible. The flow execution details are hidden.
    Trigger
    • The trigger is visible to select during design.
    • Any flow that includes the trigger can be copied.
    • Any flow that includes the trigger can be modified.
    • The trigger is hidden and cannot be selected during design.
    • Any flow that includes the trigger cannot be copied.
    • Any flow that includes the trigger is read-only.
    Subflow
    • The subflow is visible to select during design.
    • Any flow that calls the subflow can be copied.
    • Any flow that calls the subflow can be modified.
    • The subflow is hidden and cannot be selected during design.
    • Any flow that calls the subflow cannot be copied.
    • Any flow that calls the subflow is read-only.
    Subflow execution details The subflow execution details are visible. The subflow execution details are hidden.
    Flow logic
    • The flow logic is visible to select during design.
    • Any flow that includes the flow logic can be copied.
    • Any flow that includes the flow logic can be modified.
    • The flow logic is hidden and cannot be selected during design.
    • Any flow that includes the flow logic cannot be copied.
    • Any flow that includes the flow logic is read-only.
    Action
    • The action is visible to select during design.
    • Any flow that includes the action can be copied.
    • Any flow that includes the action can be modified.
    • The action is hidden and cannot be selected during design.
    • Any flow that includes the action cannot be copied.
    • Any flow that includes the action is read-only.
    Action execution details The action execution details are visible. The action execution details are hidden.
    Step
    • The step is visible to select during design.
    • Any action that includes the action can be copied.
    • Any action that includes the step can be modified.
    • The step is hidden and cannot be selected during design.
    • Any action that includes the step cannot be copied.
    • Any action that includes the step is read-only.
    UI elements and sections, excluding transform functions
    • The UI element or section is visible to use during design.
    • Any flow, subflow, or action that includes the UI element or section can be copied.
    • Any flow, subflow, or action that includes the UI element or section can be modified.
    • The UI element or section is hidden and cannot be used during design.
    • Any flow, subflow, or action that includes the UI element or section can be copied.
    • Any flow, subflow, or action that includes the UI element or section can be modified.
    Transform functions
    • Transform functions are visible to use during design.
    • Any flow, subflow, or action that includes a transform function can be copied.
    • Any flow, subflow, or action that includes a transform function can be modified.
    • Transform functions are hidden and cannot be used during design.
    • Any flow, subflow, or action that includes a transform function can be copied. The transform function is read-only.
    • Any flow, subflow, or action that includes a transform function can be modified. The transform function is read-only.