Implement access control in Now Assist AI agents

  • Release version: Yokohama
  • Updated September 11, 2025
  • 4 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Implement access control in Now Assist AI agents

    Implementing access control in Now Assist AI agents enhances security by using access control lists (ACLs) and user identities to regulate who can invoke AI agents and agentic workflows, and under what permissions these actions run. This aligns AI agent security with the broader access control framework in ServiceNow.

    Show full answer Show less

    Access Control Lists (ACLs)

    • ACLs specify which users or roles can invoke specific AI agents, agentic workflows, and certain AI agent tools.
    • They are configured individually for each AI agent, workflow, and tool and are visible in their related lists within AI Agent Studio.
    • ACLs only control invocation permissions and do not determine the data or operational access once the AI agent or workflow runs.
    • There are three ACL types in AI Agent Studio:
      • Any authenticated user: Access granted to any logged-in user.
      • Users with specified roles: Default option requiring role selection to invoke agents or workflows.
      • Public: Allows access to all users, including guests.
    • Each AI agent and agentic workflow must have a unique ACL configured.
    • Conflicting ACLs or role mismatches can cause agentic AI executions to fail, so comprehensive planning across all components is critical.

    User Identity (Run As)

    • User identity defines the permissions and roles the AI agent or workflow operates under during execution, controlling data access and actions.
    • Two identity types available:
      • Dynamic user: Default; runs the agent/workflow as the logged-in user who invoked it.
      • AI user: A dedicated user with fixed roles that can provide elevated privileges independent of the invoking user.
    • To use an AI user, a new user record must be created and assigned appropriate roles.
    • User identities are configured at both the AI agent and agentic workflow levels.
    • The ACLs are checked against the invoking user first, then the user identity permissions apply for execution.

    Configuring ACLs and User Identities

    • Configure ACLs for AI agents and workflows through the AI Agent Studio guided setups for agent and workflow creation.
    • Careful configuration is essential to avoid conflicting permissions that prevent AI execution.
    • Ensure ACLs and user identities are aligned with your organization’s security policies and operational requirements.

    Supervised Execution Mode

    • This mode enables human oversight for AI agent tools, particularly for those performing sensitive or critical actions.
    • Tools configured in supervised mode require human review before executing significant changes, reducing risks.
    • Supervised mode can be enabled during tool creation in the AI agent guided setup, such as when adding catalog item tools.

    Implement security controls for AI agents and agentic workflows through access control lists (ACLs) and user identities to increase alignment with the access control-based security measures in the agentic system.

    Security for AI agents overview

    Access controls for agentic AI on the ServiceNow AI Platform comprises two major components: Access control lists (ACLs) and user identities. The interaction between these two components at the agentic workflow, AI agent, and tool levels within the AI Agent Studio influences their overall security and functionality.

    Access control lists

    The access control lists (ACLs) in Now Assist AI agents determine users who can invoke an agentic workflow or an AI agent. ACLs must be configured individually for each agentic workflow, AI agent, and certain AI agent tools.

    The ACLs added to an AI agent and agentic workflow are available in the respective related lists for reference.

    Important:
    ACLs configured in AI Agent Studio only determine the roles required for users to invoke an agentic workflow or an AI agent. They don't determine the access that the agentic workflow or an AI agent has once it’s invoked.

    User identity

    The user identity determines the roles that the AI agent or an agentic workflow operates with and the data it can access depending on the permissions assigned to the gloss agentic resource.

    After configuring the access control lists (ACLs), you must configure the User identity (also called as Run as) using which the AI agent or agentic workflow gets executed. There are two possible user configurations to select from:

    • Dynamic user: The logged-in user who invokes the execution of an AI agent or an agentic workflow. Dynamic user is the default user identity, and you can use the dynamic user unless there's a specific need that justifies an AI user.
    • AI user: A dedicated user who executes the AI agent or an agentic workflow with assigned roles that remain consistent regardless of who or how the execution is invoked. For example, an AI agent or an agentic workflow may need to be run with elevated privileges that the dynamic user might not have.

    If you do not have an AI user but want to use the AI user identity, you need to create a new record on the User table. See Create a user. Select AI user as the identity type.

    Note:
    • An AI user can be configured as part of user identity and user identities are configured at the agentic workflow and AI agent levels.
    • The ACLs are checked with the actual conversational user, a user who has invoked the agentic workflow or the AI agent. Once the ACL check is complete, the user identities can be applied.

    Configure ACLs in AI Agent Studio

    ACLs configured in the AI Agent Studio for AI agents and agentic workflows are role-based and are of two types:
    • Allow-If: Grants access to data or resources when all the specified conditions in the ACL are met and the ACL doesn't prevent other ACLs from granting access to the same resource even if it doesn't.
    • Deny-Unless: Grants access only when the roles meet a specified condition and no other ACLs can override or grant access to that resource.

    There are three possible options for ACLs created in AI Agent Studio:

    • Any authenticated user: Grants access to any user who is authenticated on the instance, regardless of the role.
    • Users with specified roles: The default ACL option that requires you to select the roles to invoke an AI agent or an agentic workflow.
    • Public: Grants access to all users, including guests who aren’t signed in.
    Each AI agent and agentic workflow must have its own unique ACL.
    Note:
    If there are conflicting security requirements between agentic workflows, AI agents, and AI agent tools, or if the invoking user meets the criteria for some ACLs but not others, your agentic AI fails to execute. When configuring these security settings, consider all aspects of the agentic system- including the agentic workflow, AI agents, and tools.

    Supervised execution mode for AI agents

    You can minimize potential negative impact of an AI agent not executing as expected by configuring AI agents' tools to run in supervised mode. This will ensure human oversight for the tool's actions. You can use the Supervised mode to enhance security for agents with the capability to perform sensitive or critical actions.

    You can set the supervised execution mode when creating a tool in the AI agent guided setup. For example, choose Supervised as the Execution mode when adding a catalog item tool. For reference, see Add a catalog item to an AI agent.