Securing a ServiceNow application using access control at the table level

Securing Table Records

Tables

When creating tables in scoped applications, you must assign a role to the table. Specify the User role in the Controls section of the table form. You can dynamically create a new role or assign an existing role.
For all scoped application tables, the Create access controls option is selected and is read-only. The combination of Access Controls plus roles provides the minimum amount of security to protect a table’s records against unauthorized access. In the default case, only users with the table’s role can create, read, update, and delete table records.
[Figure: Assigning a User role to a table]

Access Controls

Access Controls restrict access to data by requiring users to pass a set of requirements. Access Controls define:
  • What is being secured
  • The operation being secured
  • The permissions required to access the object
Access Controls are automatically created when tables are added to scoped applications. The four default Access Controls grant access to the table’s records. Permission is granted for these operations:
  • Create
  • Read
  • Write
  • Delete
To be granted access by the default Access Controls, a user must have the User role specified for the table.
[Figure: The four default Access Controls for the NeedIt table]
The default Access Controls grant permissions for entire table records; there are no default restrictions for record fields.
ServiceNow is default deny unless configured otherwise. Permission must be explicitly granted by Access Controls for a user to have access to records and record fields.
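The rules above can be checked mechanically against an exported list of Access Controls. The following is an added example, not code from the original page or from ServiceNow: it models default deny and the four default record-level Access Controls, then audits a table for operations whose Access Control is missing, inactive, or not tied to the table's User role. The object shape (`table`, `operation`, `roles`, `active`) and the table and role names are constructed assumptions, not the platform's schema.

```javascript
// Added example: a simplified model, not ServiceNow platform code.
// ACL objects use a constructed shape: { table, operation, roles, active }.
const OPERATIONS = ['create', 'read', 'write', 'delete'];

// Default deny: access is granted only when an active Access Control exists
// for the table and operation and the user passes its role requirement.
// Assumption: an Access Control that lists no role imposes no role requirement.
function canAccess(user, table, operation, acls) {
  return acls.some((acl) =>
    acl.active &&
    acl.table === table &&
    acl.operation === operation &&
    (acl.roles.length === 0 || acl.roles.some((r) => user.roles.includes(r))));
}

// Audit one table against the default setup described above: one Access
// Control per operation, each requiring the table's User role.
function auditTable(table, userRole, acls) {
  const findings = [];
  for (const operation of OPERATIONS) {
    const matches = acls.filter((a) =>
      a.active && a.table === table && a.operation === operation);
    if (matches.length === 0) {
      findings.push(`${operation}: no active Access Control, denied for everyone`);
      continue;
    }
    for (const acl of matches) {
      if (acl.roles.length === 0) {
        findings.push(`${operation}: Access Control requires no role`);
      } else if (!acl.roles.includes(userRole)) {
        findings.push(`${operation}: Access Control does not require ${userRole}`);
      }
    }
  }
  return findings;
}

// Constructed sample data: table and role names are placeholders.
const TABLE = 'x_example_needit';
const USER_ROLE = 'x_example_needit.user';
const sampleAcls = [
  { table: TABLE, operation: 'create', roles: [USER_ROLE], active: true },
  { table: TABLE, operation: 'read', roles: [USER_ROLE], active: true },
  { table: TABLE, operation: 'write', roles: [USER_ROLE], active: false },
  { table: TABLE, operation: 'delete', roles: [], active: true },
];
console.log(auditTable(TABLE, USER_ROLE, sampleAcls));
```

In the sample, the deactivated write rule locks out even role holders, while the delete rule with no role lets any user through; both are deviations from the default configuration.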