Preparing to create or edit ACLs

ACLs are stored as records of data within the ServiceNow database in the sys_security_acl table. To view ACLs you need to hold the admin role and to create and edit ACLs you need to hold the security_admin role.

Administrators without the security_admin role can only view ACLs.

You can access the ACL records by navigating to Access Control (ACL) in the filter navigator.

To edit or create ACLs you need to elevate your security privileges, by selecting Elevate Role from the profile menu and then checking the security_admin role checkbox on the popup window that appears.

Image: Showing the Elevate Role popup window that allows an Administrator to elevate their account to the security_admin role.

Administrator Tip

1. If you do not have the security_admin role you need to have it assigned to you by an administrator who already holds the security_admin role.

Lesson Summary

ACLs (Access Control Lists) in ServiceNow are stored as records in the sys_security_acl table within the database. Here are some key points to understand about ACLs:

• To view ACLs, you need to have the admin role.
• To create and edit ACLs, you need to hold the security_admin role.
• To access ACL records, navigate to Access Control (ACL) in the filter navigator.
• You must elevate your roles before you can create or edit ACLs.
• An administrator who already holds the security_admin role must grant you the security_admin role before you can create or edit ACLs.

When are you ready to create or edit an ACL? When you can confidently answer the following questions:

1. What am I trying to achieve by editing or creating this ACL?
2. What impact will my new or edited ACL have on the security of the table or object?
3. How will I test that my change has worked as expected?

You are prepared to create and edit ACLs in ServiceNow.