Pranav Bhagat Earl Duque


Debug ACLs in ServiceNow Like a Pro with Access Analyzer

Managing access controls in ServiceNow can be complicated. Creating ACLs and data filters and ensuring users have the proper permissions for various tasks require meticulous configuration and testing. Access Analyzer, a new feature in the ServiceNow platform, provides an intuitive interface to analyze user and role access without impersonating users or elevating to security admin.

In this episode, you’ll learn how Access Analyzer can help you debug ACLs, validate new permissions, and gain visibility into what users can access in your instance. Whether you’re an administrator securing your production environment or a developer building custom applications, Access Analyzer is a tool you’ll want in your arsenal. Read on to see how this feature can simplify access control management and help you code with confidence.

Access Analyzer is a plugin application that allows administrators and developers to analyze user and role access to records and fields in ServiceNow. Using an intuitive UI, you can debug ACLs and data filters without having to impersonate users or elevate to security admin.

With Access Analyzer, you can analyze access for individual users, roles, and groups. Select an entity, choose a table, and Access Analyzer will show you which create, read, update, and delete operations that user, role, or group can perform. Access Analyzer logs all queries so you can re-run them later. This is useful when you make changes to ACLs or data filters and want to re-test access.

Access Analyzer works with both out-of-the-box and custom applications. You can analyze access for any table and field in your instance. The UI provides a cleaner interface for debugging ACLs compared to the legacy ACL debug screen. It groups related ACLs and shows exactly why access is blocked or allowed.

You do not need to elevate to security admin to use Access Analyzer. However, you do need admin and security admin roles to make changes to ACLs.

A use case for Access Analyzer would be creating a custom ACL to allow certain users to edit a “Steps to Reproduce” field on incidents. You could then use Access Analyzer to validate that the ACL is working properly before deploying to production. Access Analyzer can analyze access for groups in addition to individual users and roles.
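To make "why access is blocked or allowed" concrete for the Steps to Reproduce use case, the following is an added example (not ServiceNow code and not from the episode): a simplified JavaScript model of a table-level plus field-level write check that returns a per-ACL trace. The field name `u_steps_to_reproduce`, the role `u_repro_editor`, the function names, and the choice to deny when no ACL matches at a level are assumptions.

```javascript
// Simplified model of ACL evaluation for illustration; not ServiceNow's implementation.
// Constructed sample ACLs. u_steps_to_reproduce and u_repro_editor are hypothetical names.
const acls = [
  { name: 'incident', operation: 'write', roles: ['itil'] },
  { name: 'incident.u_steps_to_reproduce', operation: 'write', roles: ['u_repro_editor'],
    condition: (rec) => rec.active === true },
];

// An ACL passes only if its role requirement and its condition both pass.
function evaluateAcl(acl, user, record) {
  const roleOk = acl.roles.length === 0 || acl.roles.some((r) => user.roles.includes(r));
  const condOk = acl.condition ? acl.condition(record) : true;
  const reason = !roleOk ? `missing role (${acl.roles.join(' or ')})`
    : !condOk ? 'condition is false' : 'passed';
  return { acl: acl.name, passed: roleOk && condOk, reason };
}

// Field access needs a passing ACL at the table level AND at the field level.
// Within one level, any single passing ACL is enough.
// Assumption: a level with no matching ACL denies access (default-deny).
function explainAccess(user, record, table, field, operation) {
  const trace = [];
  for (const name of [table, `${table}.${field}`]) {
    const results = acls
      .filter((a) => a.name === name && a.operation === operation)
      .map((a) => evaluateAcl(a, user, record));
    trace.push(...results);
    if (!results.some((r) => r.passed)) {
      return { allowed: false, blockedAt: name, trace };
    }
  }
  return { allowed: true, blockedAt: null, trace };
}

// Constructed users and record for the check.
const incident = { active: true };
const alice = { name: 'alice', roles: ['itil', 'u_repro_editor'] };
const bob = { name: 'bob', roles: ['itil'] };

for (const user of [alice, bob]) {
  const result = explainAccess(user, incident, 'incident', 'u_steps_to_reproduce', 'write');
  console.log(user.name, JSON.stringify(result));
}
```

Checking a user who should be denied alongside one who should be allowed, before and after an ACL change, is the same comparison you would make with saved Access Analyzer queries.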

Some suggested improvements for Access Analyzer are a pop-up to re-run saved queries and the ability to see all tables a group has access to without selecting a specific table.

Overall, Access Analyzer is an invaluable tool for managing security and access control in ServiceNow. Combined with other new features like Security Attributes, it provides a robust set of capabilities for managing and auditing access. Any administrator or developer working with platform security should have Access Analyzer in their toolkit.