This article is based on the ServiceNow support article. See the original article on the ServiceNow support site: ServiceNow HI: Contextual security.
About contextual security
This plugin enables contextual security, which secures records and information for create, read, write, and delete operations. It secures the data with ACL rules instead of the traditional, role-based dictionary rules implemented by the simple security manager. After the plugin is installed, the dictionary roles (created by the simple security manager) are no longer tested. Instead, the system looks for ACL rules on fields and tables. Even if you configure the dictionary form and add roles to a dictionary entry, no change in rights occurs.
Contextual Security | |
---|---|
Plugin ID | com.glide.role_management |
Configuration Type | System Definition > Plugins |
Purpose | Unlike the simple security manager, the contextual security manager is aware of the system table hierarchy, which means you can potentially have different security rules for a field based on where in the hierarchy it is displayed. |
Requirement | Mandatory |
Recommended Value | Active |
Default Behavior | Set to active and is activated upon upgrades. |
Revertible behavior | N/A |
Role required | The admin role is required to activate this plugin. |
Release Version | Spring 2007 |
Functional Impact | (Medium) This remediation enforces function-level access controls, which lets the application determine access restrictions based on the ACL table alone. |
Security Risk | (High) Function-level access controls have to be enforced on the server side before CRUD operations are executed, ensuring the appropriate level of access for instance users. |
Workaround | No alternate method available. |
References | Brief: https://docs.servicenow.com/bundle/istanbul-servicenow-platform/page/administer/roles/reference/r_ContextualSecurity.html?cshalt=yes | Rule Search order: https://docs.servicenow.com/bundle/istanbul-servicenow-platform/page/administer/roles/reference/rule-search-order.html | Contextual Security Manager Best Practices: https://docs.servicenow.com/bundle/istanbul-servicenow-platform/page/administer/security/reference/r_ContextualSecurityManager.html | http://www.servicenowguru.com/showcase/servicenow-security-tips/ |
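
The hierarchy awareness described above can be illustrated with a small model of field-level ACL lookup. This is an added example, not ServiceNow code: it runs in plain JavaScript, follows the field rule search order given in ServiceNow's rule search order documentation, and shows that dictionary roles play no part in the decision. The tables, roles, rule set and function names are constructed for illustration, rules carry roles only (no conditions or scripts), the separate table-level check is left out, and "no matching rule means deny" is an assumption of the model.

```javascript
// Simplified model of hierarchy-aware field ACL lookup. All data is constructed.
const PARENT = { incident: 'task', task: null };   // incident extends task

// Read ACL rules: rule name -> roles, any one of which satisfies the rule.
const ACL_READ = {
  'task.*': ['itil'],
  'task.work_notes': ['itil'],
  'incident.work_notes': ['incident_manager'],     // stricter on the child table
};

// Legacy dictionary roles: still stored, but never consulted by canRead().
const DICTIONARY_ROLES = { 'incident.work_notes': ['legacy_reader'] };

// The table followed by its ancestors, most specific first.
function lineage(table) {
  const chain = [];
  for (let t = table; t; t = PARENT[t]) chain.push(t);
  return chain;
}

// Candidate rule names in search order: table.field, parent.field, *.field,
// then table.*, parent.*, *.*
function searchOrder(table, field) {
  const chain = lineage(table);
  return [
    ...chain.map((t) => `${t}.${field}`), `*.${field}`,
    ...chain.map((t) => `${t}.*`), '*.*',
  ];
}

// The first rule found in search order decides; later, broader rules are ignored.
function canRead(userRoles, table, field) {
  for (const name of searchOrder(table, field)) {
    const required = ACL_READ[name];
    if (required) {
      return { rule: name, allowed: required.some((r) => userRoles.includes(r)) };
    }
  }
  return { rule: null, allowed: false };           // model assumption: deny
}

console.log(canRead(['itil'], 'task', 'work_notes'));
console.log(canRead(['itil'], 'incident', 'work_notes'));
console.log(canRead(['legacy_reader'], 'incident', 'work_notes'));
```

The same `work_notes` field is readable by an `itil` user when reached through `task` but not through `incident`, and holding only the dictionary role grants nothing.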