Skip to main content

ServiceNow new in Tokyo - Data Filtration

 - these work in conjunction with ACLs, however they are executed BEFORE the ACLs

- data filtration is a 'deny' principle whereas ACL a 'grant' principle

- data filtration reduces the need for scripting

- they run AFTER before query business rules

- will still see the 'removed due to security contraints' message unfortunately

- requires security_admin role just like ACLs but there is no admin override feature

- specific to scoped app it's defined in (might not have access to certain global/other app tables if defined in a scoped app)

- key design criteria: machine enforceable and human readable (so improves on ACLs)

- declarative option over scripted option reduces technical debt

- No ACL will grant you access that a data filtration has already taken out

- may need to install the 'data filtration' plugin as not installed by default yet on Tokyo version

- remember to elevate privilege to security admin first

(ServiceNow )

(full video transcript: