Question: what are the two settings that we can perform with context to contextual security manager
a.can change the release dates and restrict auto generated notifications
b.can change the release dates and manage group personnel
c.can restrict the application and increase the notification size
d.can restrict attachment list and increase attachment size
Answer: d. These are settings which are inherited only if user has security_admin role. Once you have this role you can control the security of your instance.
Question: Which among the following is correct regarding access control list
a.the row level and field level rule both should be active before required operation should takes place
b.for more than one rule, older one runs first
c.rule which have more roles will get the precedence
d.rules run from general to specific
Answer: a. ACLs are the access control levels which define whether the security of any table or field, It controls whether w table or field should be visible to any particular user or not.
Question: What does Contextual security Manager do ?
Answer: Contextual Manager is a user in servicenow instance who has security_admin role . He has the authority to control the security or visibility of any table or field. Contextual manager creates ACL.
Question: List can be edit by ?
Step 1: Open any table whose list you want to edit & then right click on the header of the table
Step 2: Select Configure & then List Layout
Step 3: This will open a page with AVAILABLE & SELECTED slush bucket.
Step 4: Any field which you want to make visible in list : move it from ‘available’ slush bucket to ‘selected’ sluch bucket & click on OK.
Question: ACL is part of which security?
a. Physical Security b. Contextual Security c. Compliance Security
Answer: b. Contextual Security
Question: Is any specific role required for creating or editing ACLs?
Answer: YES , security_admin role is required to create or edit ACLs.
Question: Choose the order of evaluation of ACLs
Answer: An ACL rule only grants a user access to an object if the user meets all of the permissions required by the matching ACL rules.
-The condition must evaluate to true.
-The script must evaluate to true or return an answer variable with the value of true.
-The user must have one of the roles in the required roles list.
-The other matching ACL rules for the object type must evaluate to true.
Question: ACL is applied on –
d.table and field in table
Answer: d.table and field in table
NOTE on ACL :
- High Security Settings: Default property values to harden security on your platform by centralizing all critical security settings to one location for management and auditing.
- Default Deny Property: A new security manager property controls the default security behavior for table access.
- Security Administrator Role: A new role used to prevent modification of key security settings and resources. The Security Administrator role is not inherited by the admin role and must be explicitly assigned.
- Access Control Lists: Prevents modification of sensitive and platform-level resources in prior versions.
- Property Access Control: Enables the ability to set read and write roles to individual properties in order to prevent modification.
- Elevated Privilege: Allows users to operate in the context of a normal user and elevate to higher security role when needed.