Using Evaluate access

  • Release version: Xanadu
  • Updated August 1, 2024
  • 2 minutes to read

    • Analyze identities on the ServiceNow® instance.

    Before you begin

    Role required: admin

    The following procedure describes the steps for accessing Evaluate Access in the Access Analyzer and using its various features.

    Note:
    Access Analyzer is a ServiceNow Store product.

    Procedure

    1. Navigate to All > Access Analyzer > Analyze Permissions.
      The Analyze access and permissions homepage is displayed.
    2. Select the Evaluate access tab.
    3. Select your criteria as follows:
      Table 1. Select your criteria for analyzing access and permissions
      Field Description
      Analyze by * Analyze access for a user, a role, or a group
      Select user * Specify a user name to select from the list.
      Rule type * Analyze access for a table, a UI page, a REST Endpoint, or a client callable script include.
      Select table * Specify a table name to select from the list.
      Select record Specify a record name to select from the list.
      Select field Specify a field name to select from the list.
    4. Specify the description in the Description field.
    5. Select Analyze permissions.

      The access results for the user are displayed. Similarly you can analyze the permissions of a Group or Role for the following rule types:

      • Table (record)
      • Client callable scripts include
      • REST endpoints

      The access results are displayed.

      Access results

      The Access results table includes the following fields:

      Table 2. Access results
      Fields Description
      Operation The type of operation that the user, group, or role can perform for the selected table, record, or field.
      Overall Access Result of the overall access. The results are as follows:
      • [Passed] Access granted
      • [Blocked] Access denied
      • [Skipped] Didn’t evaluate
      • [Undefined] No rule found
      ACL Whether an ACL is defined for the selected operation.
      Access Handler An internal system check using hidden source code on the platform. IAccessHandler can grant or deny access to a resource without evaluating ACLs. If IAccessHandler is ignored, then the ACLs are evaluated.
      Data filtration A data filter is a form of access control designed to work along with the existing Access Control rules (ACLs) on your instance.
      Execution time The time at which the access results were executed.
      Insights More information about the selected operation.
      Execution ID A unique ID for each access result execution.
    6. Select the Operation for more information about the ACL.
      For example, if you select read, the access control related to read is displayed.
      Table 3. ACL Details
      Field Description
      Name Name of the ACL.
      Decision Type Decision type configured for the ACL. Allow access or Deny access.
      Applies to condition Whether the ACL is applied to a condition.
      ACL Applies to Details about the resource the ACL is applied.
      Status Status of the ACL or Access result.
      Required ACL Roles Details of the role that is required to access the resource.
      Role Status of the role. Passed, Skipped, or Blocked.
      ACL Details