Defining a complex role Security


Some of our customers require complex role security for their setup in ServiceNow. This can mean that multiple tool roles are used and each of them has different abilities on the fields and buttons in the tool. Defining the requirements for complex role security can be difficult, not only for the customer but also for the developers who need to build it, because of the number of fields, buttons, statuses and roles that might be required.
To make life easier we use a “Security Matrix” document that helps define the security setup. The matrix provides an overview of the fields and buttons that are present on an entity (e.g. an Incident record or Change record) set against the roles and statuses that can be used. For each field/button the matrix indicates what each role is allowed to do within the system in each status.

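| Role   | Status      | Field A   | Field B   | Field C | Button 1 |
|--------|-------------|-----------|-----------|---------|----------|
| Role 1 | New         | Mandatory | Mandatory | Read    | Hidden   |
| Role 1 | In progress | Read      | Read      | Read    | Hidden   |
| Role 1 | Closed      | Read      | Read      | Read    | Hidden   |
| Role 2 | New         | Update    | Update    | Update  | Update   |
| Role 2 | In progress | Update    | Update    | Update  | Update   |
| Role 2 | Closed      | Update    | Update    | Update  | Update   |
| Role 3 | New         | Read      | Read      | Read    | Hidden   |
| Role 3 | In progress | Read      | Read      | Read    | Hidden   |
| Role 3 | Closed      | Read      | Read      | Read    | Hidden   |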

For each Field or Button the matrix indicates what a user can do with it:
• Hidden: Field or Button is not available for users with the role
• Read: Field or Button can only be seen by users with the role
• Update: Field or Button can be seen and updated/used by users with the role
• Mandatory: Field or Button is readable, updatable/usable and must be filled by the users with the role

By using the “Security Matrix” as mentioned above it’s easier to create a complete overview of what the customer requires. The developer can then define the security setup of the application based on it.
After the security setup has been built, the “Security Matrix” can be used to perform test activities to validate that what was requested has been built properly.
Finally, the “Security Matrix” can also be used by a Functional supporter as Functional documentation to answer questions from End-users once the tool has been delivered.
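
The testing use of the matrix described above can be sketched in code. This is an added example, not part of the original article and not ServiceNow's own API: it is plain JavaScript (the language ServiceNow scripts are written in) that holds the sample matrix as data, checks that no role/status/element cell is missing, and compares a tester's observations against it. The function names, the `RANK` mapping and the observations are assumptions made for the illustration.

```javascript
// Constructed data: the article's sample matrix, keyed role -> status -> field/button.
const ELEMENTS = ["Field A", "Field B", "Field C", "Button 1"];
const STATUSES = ["New", "In progress", "Closed"];
const RANK = { Hidden: 0, Read: 1, Update: 2, Mandatory: 2 }; // Mandatory = Update access + obligation
const row = (...levels) => Object.fromEntries(ELEMENTS.map((e, i) => [e, levels[i]]));
const readOnly = row("Read", "Read", "Read", "Hidden");
const update = row("Update", "Update", "Update", "Update");
const MATRIX = {
  "Role 1": { "New": row("Mandatory", "Mandatory", "Read", "Hidden"), "In progress": readOnly, "Closed": readOnly },
  "Role 2": { "New": update, "In progress": update, "Closed": update },
  "Role 3": { "New": readOnly, "In progress": readOnly, "Closed": readOnly },
};
// Completeness: every role x status x element needs exactly one known level.
function findGaps(matrix) {
  const gaps = [];
  for (const role of Object.keys(matrix))
    for (const status of STATUSES)
      for (const element of ELEMENTS) {
        const level = matrix[role][status]?.[element];
        if (typeof RANK[level] !== "number") gaps.push(`${role} / ${status} / ${element}`);
      }
  return gaps;
}
// Flatten the matrix into one expected result per test case.
function toTestCases(matrix) {
  return Object.entries(matrix).flatMap(([role, byStatus]) =>
    Object.entries(byStatus).flatMap(([status, byElement]) =>
      Object.entries(byElement).map(([element, expected]) => ({ role, status, element, expected }))));
}
// Compare what a tester observed with the matrix and classify each deviation.
function compare(matrix, observations) {
  const findings = [];
  for (const o of observations) {
    const expected = matrix[o.role]?.[o.status]?.[o.element];
    if (expected === o.actual) continue;
    const delta = RANK[o.actual] - RANK[expected];
    const kind = delta > 0 ? "more access than requested" : delta < 0 ? "less access than requested"
      : delta === 0 ? "mandatory flag differs" : "unknown level or not in matrix";
    findings.push({ ...o, expected, kind });
  }
  return findings;
}
// Constructed observations, as a tester might record them per role and status.
const OBSERVED = [
  { role: "Role 3", status: "Closed", element: "Field A", actual: "Update" },
  { role: "Role 1", status: "New", element: "Field B", actual: "Update" },
  { role: "Role 2", status: "New", element: "Button 1", actual: "Update" },
];
console.log(findGaps(MATRIX), toTestCases(MATRIX).length, compare(MATRIX, OBSERVED));
```

Findings of the kind "more access than requested" are the ones to fix first, since they mean the build is more permissive than the customer asked for.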

This is just a simple script to help you! If you need more information, please let me know via comment or send me an email.
