Security in ServiceNow
ServiceNow can enable rather complex security models on items.
As a result, the ServiceNow connector requires the BA Insight Advanced Security Module (ASM) to properly secure such items.
You need to use ASM if any of the following is true:
- You employ user criteria and roles
- You apply security on both knowledge articles and on knowledge bases
- You use HR Criteria with the "match all" option
Security in ServiceNow is then converted into multiple security levels as follows:
- User criteria on knowledge article
- Roles
- User criteria on knowledge base
The various types of ServiceNow security groups and roles are recognized by the prefixes in the security map:
- g_ for groups
- r_ for roles
- c_ for companies
- and so on...
How to Identify Items that Require ASM
During crawls, if an item requires ASM to be properly secured, the connector also emits a boolean property named MULTILEVELSECURED and sets its value to "true."
This can be used, for example, to exclude content from the index in scenarios where deploying ASM is not possible.
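One way to apply this exclusion downstream of a crawl when ASM is not deployed, shown as an added example that is not BA Insight's code. It assumes each crawled item is available as a dictionary with `properties` and `security_map` fields; that layout, the function names and the sample values are constructed for illustration.

```python
# Added example: item layout (dicts with "id", "properties", "security_map")
# is an assumption for illustration, not the connector's actual output format.
from collections import Counter

# Prefixes named on this page; anything else is reported as "unknown".
PREFIX_TYPES = {"g_": "group", "r_": "role", "c_": "company"}


def requires_asm(item):
    """True when the crawl marked the item MULTILEVELSECURED = "true"."""
    value = item.get("properties", {}).get("MULTILEVELSECURED", False)
    # Accept a real boolean or the string form, ignoring case and whitespace.
    return value is True or str(value).strip().lower() == "true"


def principal_types(item):
    """Count the principals in an item's security map by prefix type."""
    counts = Counter()
    for entry in item.get("security_map", []):
        counts[PREFIX_TYPES.get(entry[:2], "unknown")] += 1
    return dict(counts)


def partition_for_index(items, asm_deployed):
    """Split items into (indexable, excluded) without ASM; keep all with it."""
    if asm_deployed:
        return list(items), []
    indexable = [i for i in items if not requires_asm(i)]
    excluded = [i for i in items if requires_asm(i)]
    return indexable, excluded


# Constructed sample items (not real crawl output).
SAMPLE_ITEMS = [
    {"id": "KB0001", "properties": {}, "security_map": ["g_helpdesk"]},
    {"id": "KB0002", "properties": {"MULTILEVELSECURED": "true"},
     "security_map": ["g_hr", "r_hr_admin", "c_acme"]},
    {"id": "KB0003", "properties": {"MULTILEVELSECURED": " True "},
     "security_map": ["r_itil", "x_other"]},
]

if __name__ == "__main__":
    keep, drop = partition_for_index(SAMPLE_ITEMS, asm_deployed=False)
    print("index:", [i["id"] for i in keep])
    for item in drop:
        print("exclude:", item["id"], principal_types(item))
```

Reviewing the principal types of the excluded items shows which combinations of groups, roles and companies are driving the need for ASM.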
Administrator Access in Search Results
- The connector grants security only to users and groups explicitly identified in each item's security descriptor, meaning the user or group has to be identified in ServiceNow as having access.
- It is possible to have administrative access to content in ServiceNow, where you are able to view the content in ServiceNow without being added explicitly in the security descriptor.
- The connector does not recognize this access, and will not grant permission in the search index for that administrative access.