Role masking in Now Assist AI agents

  • Release version: Zurich
  • Updated November 4, 2025
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Role masking in Now Assist AI agents

    Role masking in Now Assist AI agents allows ServiceNow customers to enhance security by limiting the roles and permissions that AI agents, agentic workflows, and tools inherit from users during execution. This enforces least-privilege access, reducing the risk of AI components accessing sensitive data or capabilities beyond what invoking users are authorized for.

    Show full answer Show less

    Key Features

    • Role Limitation: AI admins can define an allow-list of roles that agentic workflows or AI agents running as dynamic users can inherit from invoking users, restricting permissions to only what is necessary.
    • Dynamic User vs AI User: Role masking applies only when components run as dynamic users. Components running as AI users inherit all roles assigned to that AI user and do not support role masking.
    • Sequential Role Enforcement: Role masks can be applied at multiple points (agentic workflow, AI agent, tool), each time enforcing the intersection of the invoking user’s roles and the approved roles list to ensure minimal necessary privileges.
    • Security Governance: Enables enforcing governance for elevated or scoped roles to prevent agentic overreach and maintain compliance with security best practices.

    Key Outcomes

    • Ensures AI agents and workflows operate under least-privilege principles, limiting access to sensitive or unauthorized resources.
    • Reduces security risks by preventing AI components from gaining unintended elevated access.
    • Allows AI admins to precisely control which roles an AI agent or workflow can use when executing on behalf of users.
    • Supports expanded functionality of agentic products while maintaining strong security controls.

    Prerequisites and Configuration

    • Requires Now Assist for Platform version 10.0.2-SS and snaia.admin privileges to configure role masking.
    • Role masking is configured in AI Agent Studio within security controls for AI agents and agentic workflows.
    • Tools always run as dynamic users and role masking applies to them accordingly.

    Role masking for AI agents and agentic workflows helps users enhance security by enabling them to limit their roles during tool execution and verify that AI agents run with least-access privileges.

    Role masking overview

    Role masking lets AI admins in the AI Agent Studio to limit permissions of agentic workflows or AI agents set to run as dynamic users by defining an allow-list of roles they can inherit from invoking users, enforcing least-privilege access.

    Use role masking to:
    • Empower users to follow least-access principles when an agentic workflow or AI agent executes on behalf of a dynamic user.
    • Limit roles that agentic workflows, AI agents, and skills inherit from users and can be applied when a user invokes them.

      For more information about configuring skills, see Now Assist Skill Kit.

    • Reduce the risk of AI solutions accessing the resources that they shouldn't, therefore helping prevent agentic overreach into sensitive data or capabilities beyond what the user is allowed.
    • Expand the security configurations to increase functionality of agentic products while reducing security risks by enforcing governance for elevated or scoped roles.

    Prerequisites

    To configure role masking on your ServiceNow instance, you must have:
    • Now Assist for Platform version 10.0.2-SS.
    • The sn_aia.admin privileges.

    Role masking behavior

    Role masking behavior in agentic workflows, AI agents, and tools controls which of the invoking user's roles are available to AI agents and tools during workflow execution. The roles are applied sequentially across layers in the agentic workflow, AI agent, and Tool sequence to verify that tools execute with minimum required privileges.

    Role masking rules

    1. Role masking limits the roles with which an agentic workflow, AI agent or Skill can execute to the intersection between the roles assigned to the invoking user and the roles included in the role masking approved roles list.
    2. AI user vs Role mask:

      The AI admin can choose for the component to run as either an AI user or a dynamic user. If set to run as a dynamic user, the AI admin can configure role masking for the component. Role masking cannot be configured for agentic workflows or AI agents set to run as AI users.

      • If an AI user is selected, all roles assigned to the AI user are available to the agentic workflow or AI agent. This can be used to provide elevated access to the agentic workflow AI agent.
        Note:
        Tools always run as dynamic users.
      • If Role masking is applied to an agentic workflow, AI agent, or tool running as a dynamic user, the component runs with roles with roles limited to the intersection of the current invoking user's roles and the roles included in the role masking approved roles list.
    3. Multiple role masks can be configured and applied in the agentic workflow - AI agent - tool sequence, but each mask still follows the intersection rule.
    4. Role masking only restricts roles that components can execute with, but never grants components roles which exceed those of the invoking user. Thus, if the invoking user has a role that is not included in the approved roles list, the component will not be allowed to execute with that role. And, if the approved roles list includes a role that is not assigned to the invoking user, the component will not be able to execute with that role again.
    5. When a workflow running as an AI user invokes an AI agent running as a dynamic user with role masking configured, then the roles available to the AI agent will be the intersection of the role masking configuration of the AI agent and the roles assigned to the AI user of the agentic workflow. The same holds true for an AI agent running as an AI user that then invokes a skill with role masking configured.

    Configuration