Saturday, 18 January 2025

Access Control List (ACL)

ServiceNow Interview Questions

ACLs

1. What is an ACL in ServiceNow?

An ACL (Access Control List) is a security rule that restricts which users can view and interact with data. It defines what data a user can access and what actions they can perform on that data.

2. What are the different types of ACLs in ServiceNow?

The different types of ACLs are:

Record ACLs: Control access to records in a table.

Field ACLs: Control access to specific fields within a record.

Script ACLs: Control access to scripts and script includes.

3. What is the difference between Before and After Business Rules?

  • Before Business Rules run before the record is saved to the database, allowing you to modify the record before it is committed.
  • After Business Rules run after the record is saved to the database, suitable for actions that do not need to modify the record being saved.

4. What is the difference between Table.None and Table.* ACLs?

    • Table.None: Controls access to the entire record.
    • Table.*: Controls access to all fields within the table.

5. What is the order of execution for ACLs?

    • ACLs are processed in the following order:
      1. Table.None
      2. Table.*
      3. Field Level

6. How do you debug ACLs?

    • Use the Security Debug module to see which ACLs are being evaluated and their results.
    • Use gs.log() to log messages for debugging purposes.

7. What is the purpose of the Admin Override checkbox in ACLs?

The Admin Override checkbox allows users with the admin role to bypass the ACL rules.

8. What is the difference between ACL and Business Rule?

    • ACL: Controls access to data based on user roles and conditions.
    • Business Rule: Executes server-side logic when records are inserted, updated, deleted, or queried.

9. What happens if there is a conflict between an ACL and a UI Policy?

ACLs take precedence over UI Policies. If an ACL restricts access to a field, the field will remain restricted even if a UI Policy tries to make it editable.

10. Can you use scripts in ACLs?

Yes, you can use scripts in ACLs to define complex conditions and logic for granting or denying access.

11. How do you use the gs.hasRole() method in an ACL script?

The gs.hasRole() method checks if the current user has a specific role. For example:
JavaScript

if (gs.hasRole('admin')) {
    answer = true;
} else {
    answer = false;
}


12. How do you restrict access to a specific field in a table using ACLs?

Create a Field ACL for the specific field:
Navigate to System Security > Access Control (ACL).
Click New.
Set the Type to Field.
Select the Table and Field.
Define the Operation (e.g., read, write).
Write the script to control access.
Save the ACL.

13. What is the difference between gs.hasRole() and gs.hasRoleExactly() in ACL scripts?

gs.hasRole() checks if the user has the specified role or any role that inherits from it.
gs.hasRoleExactly() checks if the user has exactly the specified role, without considering role inheritance.
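As an added illustration (not code from the post), the two checks modelled over a constructed role hierarchy, so the effect of contained roles and of the admin role can be exercised off-platform. The role names and the ROLE_CONTAINS graph are made up; the admin shortcut in hasRole() mirrors the documented behaviour of gs.hasRole() in global scope.

```javascript
// Added example (not from the original post): how hasRole() and
// hasRoleExactly() differ once roles contain other roles.
// The role graph and users below are constructed; on an instance the
// platform resolves role containment for you.
var ROLE_CONTAINS = {                     // parent role -> roles it contains
  admin: [],
  itil_admin: ['itil'],
  itil: ['task_editor'],
  task_editor: []
};

// Expand a user's directly assigned roles to every role they inherit.
// Uses a visited set so a cyclic containment graph cannot loop forever.
function expandRoles(directRoles) {
  var seen = {};
  var stack = directRoles.slice();
  while (stack.length) {
    var role = stack.pop();
    if (seen[role]) { continue; }
    seen[role] = true;
    (ROLE_CONTAINS[role] || []).forEach(function (child) { stack.push(child); });
  }
  return Object.keys(seen);
}

// hasRole(): true if the user holds the role directly or through a role that
// contains it. The platform's gs.hasRole() also returns true for any role when
// the user holds admin, which is why Q7's Admin Override matters; modelled here.
function hasRole(directRoles, role) {
  if (directRoles.indexOf('admin') !== -1) { return true; }
  return expandRoles(directRoles).indexOf(role) !== -1;
}

// hasRoleExactly(): only a direct assignment counts, containment is ignored.
function hasRoleExactly(directRoles, role) {
  return directRoles.indexOf(role) !== -1;
}

// Constructed users: direct role assignments only.
var teamLead = ['itil_admin'];           // inherits itil and task_editor
var superUser = ['admin'];
var junior = ['task_editor'];            // containment never flows upward
```

Note that a user holding only admin passes hasRole('itil') but fails hasRoleExactly('itil'), so the exact variant is the one to reach for when admin must not be waved through.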

How do you create a dynamic condition for an ACL?

Use a script in the ACL to create a dynamic condition. For example:
JavaScript

if (current.priority == 1 && gs.hasRole('itil')) {
    answer = true;
} else {
    answer = false;
}

14. How do you use the current and previous objects in an ACL script?

The current object represents the record being accessed, and the previous object represents the state of the record before the current update. For example:
JavaScript

if (current.state != previous.state && current.state == 'closed') {
    answer = true;
} else {
    answer = false;
}

15. How do you use the gs.getUser() method in an ACL script?

The gs.getUser() method returns the current user object, which can be used to get user details like user ID, roles, and other attributes. For example:
JavaScript

var user = gs.getUser();
// Compare the stored sys_id (getValue) with the user's sys_id rather than the GlideElement object
if (current.getValue('assigned_to') == user.getID()) {
    answer = true;
} else {
    answer = false;
}

16. How do you create a dynamic read ACL that only allows users to read records if they are the record’s creator or have a specific role?

Create a read ACL with a script that checks if the user is the record’s creator or has a specific role. For example:
JavaScript

if (current.sys_created_by == gs.getUserName() || gs.hasRole('specific_role')) {
    answer = true;
} else {
    answer = false;
}

17. How do you restrict access to a specific field based on the value of another field in the same record?

Create a field ACL with a script that checks the value of another field. For example, to restrict access to the priority field based on the state field:
JavaScript

if (current.state == 'closed') {
    answer = false;
} else {
    answer = true;
}

18. How do you use a Script Include in an ACL to centralize complex access logic?

Create a Script Include with the access logic and call it from the ACL script. For example:
JavaScript

// Script Include (the type property is the platform convention for a Script Include class)
var AccessHelper = Class.create();
AccessHelper.prototype = {
    initialize: function() {},
    // Reader is the record's creator or holds the specified role
    canReadRecord: function(record) {
        return record.sys_created_by == gs.getUserName() || gs.hasRole('specific_role');
    },
    type: 'AccessHelper'
};

// ACL Script
var accessHelper = new AccessHelper();
answer = accessHelper.canReadRecord(current);
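As an added example (not the post's own code), the Q16/Q18 read check written so the logic can be unit-tested off-platform: gs and current are replaced by constructed stand-ins, and the helper denies on any fault. On an instance the platform supplies gs and current and the class would be declared with Class.create() as above; the role name specific_role and the sample users are placeholders.

```javascript
// Added example (not from the original post): the Q16/Q18 read check as a
// testable helper with constructed stand-ins for gs and current.
function makeGs(userName, roles) {            // constructed stub of gs
  return {
    getUserName: function () { return userName; },
    hasRole: function (role) { return roles.indexOf(role) !== -1; }
  };
}
function makeRecord(fields) {                 // constructed stub of current
  return { getValue: function (name) { return fields[name]; } };
}

function AccessHelper(gs) {
  this.gs = gs;                               // injected, not global, so it can be stubbed
  this.readerRole = 'specific_role';          // placeholder role name from the post
}
// Reader is the record's creator or holds the reader role. Any failure
// (missing field, bad record) yields false so a fault can never widen access.
AccessHelper.prototype.canReadRecord = function (record) {
  try {
    var creator = record.getValue('sys_created_by');
    if (!creator) { return false; }           // unknown creator: deny rather than match ''
    var isCreator = creator === this.gs.getUserName();
    return isCreator || this.gs.hasRole(this.readerRole);
  } catch (e) {
    return false;
  }
};

// Equivalent of the ACL script body; on the instance this is
//   answer = new AccessHelper(gs).canReadRecord(current);
function evaluateReadAcl(gs, current) {
  var answer = false;                         // deny unless the helper says otherwise
  answer = new AccessHelper(gs).canReadRecord(current);
  return answer === true;
}

// Constructed sample inputs.
var record = makeRecord({ sys_created_by: 'alice', short_description: 'VPN down' });
var alice = makeGs('alice', ['itil']);        // creator, no special role
var carol = makeGs('carol', ['specific_role']);
var dave = makeGs('dave', ['itil']);          // neither creator nor role holder
var brokenRecord = { getValue: function () { throw new Error('no record'); } };
```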

19. How do you create an ACL that only allows access during specific hours of the day?

Create an ACL with a script that checks the current time. For example:
JavaScript

// Assumes the display format is yyyy-MM-dd HH:mm:ss in the user's time zone, so characters 11-13 are the hour
var currentTime = new GlideDateTime().getDisplayValue();
var hour = parseInt(currentTime.substring(11, 13), 10);
if (hour >= 9 && hour <= 17) { // Allow access between 9 AM and 5 PM
    answer = true;
} else {
    answer = false;
}

20. How do you create an ACL that restricts access based on the user’s department?

Create an ACL with a script that checks the user’s department. For example:
JavaScript

var user = gs.getUser();
var userDept = user.getDepartmentID();
if (userDept == current.department) {
    answer = true;
} else {
    answer = false;
}

21. How do you create an ACL that allows access only if the user is part of a specific group?

Create an ACL with a script that checks if the user is part of a specific group. For example:
JavaScript

var user = gs.getUser();
var userGroups = user.getMyGroups();
var allowedGroup = 'sys_id_of_specific_group';
if (userGroups.indexOf(allowedGroup) != -1) {
    answer = true;
} else {
    answer = false;
}

22. How do you create an ACL that allows access based on the user’s location?

Create an ACL with a script that checks the user’s location. For example:
JavaScript

var user = gs.getUser();
var userLocation = user.getLocationID();
if (userLocation == current.location) {
    answer = true;
} else {
    answer = false;
}

23. How do you create an ACL that restricts access to records created within the last 30 days?

Create an ACL with a script that checks the record’s creation date. For example:
JavaScript

var creationDate = new GlideDateTime(current.getValue('sys_created_on'));
var thirtyDaysAgo = new GlideDateTime();
thirtyDaysAgo.addDays(-30);
// Use GlideDateTime's own comparison; the >= operator does not compare these objects reliably
if (creationDate.onOrAfter(thirtyDaysAgo)) {
    answer = true;
} else {
    answer = false;
}

24. How do you create an ACL that allows access only if the user has a specific certification?

Create an ACL with a script that checks if the user has a specific certification. For example:
JavaScript

var user = gs.getUser();
// getCertifications() is not a standard GlideUser method; it assumes a custom extension
// that returns an array of certification names
var userCertifications = user.getCertifications();
if (userCertifications.indexOf('specific_certification') != -1) {
    answer = true;
} else {
    answer = false;
}


25. How do you create an ACL that restricts access based on the user’s manager?

Create an ACL with a script that checks if the user’s manager matches a specific condition. For example:
JavaScript

var user = gs.getUser();
var userManager = user.getManagerID();
if (userManager == current.manager) {
    answer = true;
} else {
    answer = false;
}

26. Scenario: You need to ensure that only users from the HR department can read records in the Employee table. How would you implement this?

Create a read ACL on the Employee table with a script that checks if the user’s department is HR.

JavaScript

var user = gs.getUser();
var userDept = user.getDepartmentID();
var hrDept = 'sys_id_of_hr_department';
if (userDept == hrDept) {
    answer = true;
} else {
    answer = false;
}


27. Scenario: You want to restrict write access to the salary field in the Employee table to only managers. How would you achieve this?

Create a write ACL on the salary field in the Employee table with a script that checks if the user has the manager role.
JavaScript

if (gs.hasRole('manager')) {
    answer = true;
} else {
    answer = false;
}

28. Scenario: You need to allow access to incident records only if the user is the assigned_to or the manager of the assigned_to. How would you set this up?

Create a read ACL on the Incident table with a script that checks if the user is the assigned_to or the manager of the assigned_to.
JavaScript

var user = gs.getUser();
if (current.assigned_to == user.getID() || current.assigned_to.manager == user.getID()) {
    answer = true;
} else {
    answer = false;
}


29. Scenario: You want to restrict access to records in a custom table based on the user’s location. How would you implement this?

Create a read ACL on the custom table with a script that checks if the user’s location matches the record’s location.
JavaScript

var user = gs.getUser();
var userLocation = user.getLocationID();
if (userLocation == current.location) {
    answer = true;
} else {
    answer = false;
}

30. Scenario: You need to ensure that only users with a specific certification can access sensitive records. How would you achieve this?

Create a read ACL on the sensitive records table with a script that checks if the user has the required certification.
JavaScript

var user = gs.getUser();
// getCertifications() is not a standard GlideUser method; it assumes a custom extension
// that returns an array of certification names
var userCertifications = user.getCertifications();
if (userCertifications.indexOf('required_certification') != -1) {
    answer = true;
} else {
    answer = false;
}

31. Scenario: You want to allow access to records in the Project table only during business hours (9 AM to 5 PM). How would you set this up?

Create a read ACL on the Project table with a script that checks the current time.
JavaScript

// Assumes the display format is yyyy-MM-dd HH:mm:ss in the user's time zone, so characters 11-13 are the hour
var currentTime = new GlideDateTime().getDisplayValue();
var hour = parseInt(currentTime.substring(11, 13), 10);
if (hour >= 9 && hour <= 17) { // Allow access between 9 AM and 5 PM
    answer = true;
} else {
    answer = false;
}

32. Scenario: You need to restrict access to records created within the last 30 days to only users with the admin role. How would you implement this?

Create a read ACL on the table with a script that checks the record’s creation date and the user’s role.
JavaScript

var creationDate = new GlideDateTime(current.getValue('sys_created_on'));
var thirtyDaysAgo = new GlideDateTime();
thirtyDaysAgo.addDays(-30);
// Use GlideDateTime's own comparison; the >= operator does not compare these objects reliably
if (creationDate.onOrAfter(thirtyDaysAgo) && gs.hasRole('admin')) {
    answer = true;
} else {
    answer = false;
}

33. Scenario: You want to allow access to records in the Case table only if the user is part of a specific group. How would you achieve this?

Create a read ACL on the Case table with a script that checks if the user is part of the specific group.
JavaScript

var user = gs.getUser();
var userGroups = user.getMyGroups();
var allowedGroup = 'sys_id_of_specific_group';
if (userGroups.indexOf(allowedGroup) != -1) {
    answer = true;
} else {
    answer = false;
}

34. Scenario: You need to ensure that only users with a specific role can delete records in the Incident table. How would you set this up?

Create a delete ACL on the Incident table with a script that checks if the user has the specific role.
JavaScript

if (gs.hasRole('specific_role')) {
    answer = true;
} else {
    answer = false;
}

35. Scenario: You want to restrict access to records based on the user’s manager. How would you implement this?

Create a read ACL on the table with a script that checks if the user’s manager matches a specific condition.
JavaScript

var user = gs.getUser();
var userManager = user.getManagerID();
if (userManager == current.manager) {
    answer = true;
} else {
    answer = false;
}
