Skip to main content

ServiceNow new in Tokyo - Data Filtration

 - these work in conjunction with ACLs, however they are executed BEFORE the ACLs

- data filtration is a 'deny' principle whereas ACL a 'grant' principle

- data filtration reduces the need for scripting

- they run AFTER before query business rules

- will still see the 'removed due to security contraints' message unfortunately

- requires security_admin role just like ACLs but there is no admin override feature

- specific to scoped app it's defined in (might not have access to certain global/other app tables if defined in a scoped app)

- key design criteria: machine enforceable and human readable (so improves on ACLs)

- declarative option over scripted option reduces technical debt

- No ACL will grant you access that a data filtration has already taken out

- may need to install the 'data filtration' plugin as not installed by default yet on Tokyo version

- remember to elevate privilege to security admin first




https://www.youtube.com/watch?v=UsjbPMHVs7U

(ServiceNow )


(full video transcript:

Comments

Popular posts from this blog

ServiceNow check for null or nil or empty (or not)

Haven't tested these all recently within global/local scopes, so feel free to have a play! option 1 use an encoded query embedded in the GlideRecord , e.g.  var grProf = new GlideRecord ( 'x_cls_clear_skye_i_profile' ); grProf . addQuery ( 'status=1^ owner=NULL ' ); grProf . query (); even better use the glideRecord  addNotNullQuery or addNullQuery option 2 JSUtil.nil / notNil (this might be the most powerful. See this link ) example: if ( current . operation () == 'insert' && JSUtil . notNil ( current . parent ) && ! current . work_effort . nil ())  option 3 there might be times when you need to get inside the GlideRecord and perform the check there, for example if the code goes down 2 optional routes depending on null / not null can use gs.nil : var grAppr = new GlideRecord ( 'sysapproval_approver' ); var grUser = new GlideRecord ( 'sys_user' ); if ( grUser . get ( 'sys_id' , current . approver )){...

Code a pause/wait - gs.sleep or gs.wait alternative, pause script for specified seconds (timer)

Code a pause/wait - gs.sleep / gs.wait alternative, pause script for specified seconds (timer)  e.g. 10 seconds: do_sleep ( 10000 ); function do_sleep ( milliseconds ) { var start = new Date (). getTime (); for ( var i = 0 ; i < 1e7 ; i ++) { if (( new Date (). getTime () - start ) > milliseconds ){ gs . print ( 'waking up!' ); break ; } } }