Confidential records

  • Release version: Yokohama
  • Updated July 31, 2025
  • 5 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Confidential records

    This feature allows ServiceNow GRC customers to mark sensitive GRC records as confidential to restrict access to authorized users only. By enabling record-level confidentiality, you control who can view specific records by assigning access to designated users or user groups.

    Show full answer Show less

    Confidential records are managed via the GRC Confidential module, which becomes visible only after enabling the Enable record level confidentiality property under GRC properties. This feature supports multiple GRC applications including Audit Management, Policy and Compliance Management, Risk Management, and more.

    Key Features

    • Enable Record Level Confidentiality: Must be turned on to mark records as confidential; once enabled, it cannot be disabled.
    • Confidentiality Tab: Available on record forms, allowing users with write access to mark a record as confidential and manage Allowed users and Allowed groups lists.
    • Allowed Users and Groups: Only users listed here or with specific roles can access confidential records. The user marking the record confidential is automatically added to the Allowed users list.
    • Access Roles: Users need the sngrc.confidentialuser role to access confidential records if they are not otherwise GRC users. Existing users with roles and listed access continue to have access.
    • Notification: Email notifications are sent to all users and groups added to a confidential record, informing them of access requirements.
    • Supported Tables: Confidentiality is supported on key GRC tables such as audit tasks, risk events, policy exceptions, evidence requests, and ESG management tables. Auto-populated users and groups vary by table and can be customized.
    • Configuration: Additional setup is required to enable confidentiality on specific GRC tables, including updates to client scripts and ACLs. Configuration records and confidentiality inheritance can be managed within the GRC Confidentiality Configuration module.
    • Inheritance: Marking or unmarking a parent record as confidential cascades the confidentiality setting to related child records.

    Key Outcomes

    • Ensures sensitive GRC data is protected by restricting access to authorized users only.
    • Improves compliance by controlling visibility of confidential audit, risk, policy, and ESG records.
    • Enables fine-grained access control through Allowed users/groups lists and role assignments.
    • Facilitates management of confidential records with automated notifications and inheritance options.
    • Provides flexibility to customize confidentiality settings per table and user/group requirements.

    You can mark sensitive GRC records as confidential. You can then make sure that the right people have access to these records.

    You can mark sensitive GRC records as confidential by setting the confidential option for a record. By doing this action, you can ensure that only certain users or users from specific user groups can access these confidential records.

    Confidentiality property

    A new option Enable record level confidentiality is available under GRC properties at the record level to enable confidentiality.
    Important:
    The Enable record level confidentiality property is turned off by default. When it is enabled, it can't be turned off again.

    The confidential records in GRC are listed under the GRC Confidential module. The GRC confidential records module is displayed in the application navigator only when you enable the Enable record level confidentiality property.

    Starting with San Diego, the GRC Confidential Records module is available for the Audit Management, GRC core, Policy and Compliance Management, and Risk Management applications.

    Unmarking confidentiality on the record

    When you unmark confidentiality on a record, allowed users and groups on that record will be removed and all the users will get access to the record based on ACL.

    User roles that are required to access the confidential records

    Users with the GRC confidential user (sn_grc.confidential_user) role can access the confidential records. This role is for the users who are not GRC users but who want to access the GRC confidential records.

    Users who have access and who are named in the record continue to have access to the record with the existing GRC role.

    Consider the following examples for different roles:
    • You are a risk user and you were given access to a risk record earlier. Now, you are part of the allowed users list for the same record. Therefore, even if you don't have the sn_grc.confidential_user role, you can access the record because you had access to this record earlier and your name is now listed on the allowed users list.
    • Your name is listed on the record, but you don't have the sn_grc.confidential_user role. You must have the sn_grc.confidential_user role first to access the record.

    When a record is marked as confidential, an email notification is sent out to the users and the user group members informing them about the assignment and the roles that are required to access the record. Every user that is listed in the Allowed users and Allowed groups list gets an email notification about the assignment of the record.

    Confidentiality tab on the form

    The Confidentiality tab on the form displays the following lists and options:
    • Confidential option: Enabling the Confidential option on the Confidentiality tab displays the Allowed users and Allowed groups lists as shown in the following figure.
      Note:
      A user with write access to the record can enable the Confidential option on the Confidentiality tab.
      Figure 1. Confidentiality tab on a form
      Confidential tab on a form.
    • Allowed users list: When a record is marked as confidential, only the users in the Allowed users list have access to the record. A user who is listed in the Allowed users list should either have read access to the record or have the sn_grc.confidential_user role to access the confidential records.

      The logged-in user who enables the Confidential option gets auto-populated in the Allowed users list. The user who enables the Confidential option on the tab is auto-appended to the Allowed users list by default. Those users with write access to the record can unlock and update the Allowed users list.

      Note:
      There are no restrictions on which users can be added to the Allowed users list. A user who doesn't have the GRC role should have the sn_grc.confidential_user role to access the record. An email notification is also sent to the user about the role requirement.
    • Allowed groups list: When a record is marked as confidential, only the users that are listed in the Allowed groups list have access to the record. Those users with write access to the record can unlock and update the Allowed groups list.
      Note:
      Confidential records are visible to the users who are listed in the Allowed users or Allowed groups list. By default, the administrators can also view the confidential records. If you do not want the administrators to view the confidential records, follow the steps mentioned in KB1497382.
    Users who don't have the GRC user role but are listed in the Allowed users list or Allowed groups list can be assigned with the sn_grc.confidential_user role to access the confidential records.
    Confidentiality is supported on the following tables.
    Table 1. Tables on which confidentiality is supported
    Table label Table name Application scope Users that get auto-populated in the allowed users list Groups that get auto-populated in the allowed groups list
    Audit task sn_audit_task GRC: Audit Management Assigned To, Engineering lead, Engineering auditors, Engineering approvers Not applicable
    Engagement sn_audit_engagement GRC: Audit Management Auditors, Approvers, Engagement lead Not applicable
    Evidence request task sn_grc_advanced_evidence_response GRC: Advanced Core Requester, Assigned To, Approvers, Watchlist, Requested on behalf of Assignment Group
    Issue sn_grc_issue GRC: Profiles Assigned to, Issue Manager, Opened by Issue Manager Group,Assignment Group
    Observation sn_audit_advanced_observation GRC: Advanced audit Owner, Respondent, Peer Reviewer, Reviewer, Watch list Users, Engagement lead, Engineering auditor, Engineering approver Assignment Group
    Policy exception sn_compliance_policy_exception GRC: Policy and Compliance Management Requester, Approver, Watch list Approval Group
    Remediation task sn_grc_task GRC: Profiles Assigned to, Watch list, Issue Manager, Issue Assigned To Not applicable
    Risk events sn_risk_advanced_event GRC: Advanced Risk Current logged in user, Owner, Approver Owning group, Approval groups
    Disclosure sn_esg_disclosure ESG Management and Reporting Logged in user, reviewer, assigned to Not applicable
    Material topic sn_esg_material_topic ESG Management and Reporting Logged in user, reviewer Not applicable
    Metrics sn_grc_metric ESG Management and Reporting Logged in user, enterprise owner, data owner Enterprise owner group, data owner group
    Metric definitions sn_grc_metric_definition ESG Management and Reporting Logged in user, enterprise owner, data owner Enterprise owner group, data owner group
    Composite metric definitions sn_grc_composite_metric_definition ESG Management and Reporting Logged in user, enterprise owner Enterprise owner group

    Starting with Utah, confidential configuration for all the Out Of the Box confidentiality enabled GRC tables except sn_esg_material_topic, sn_grc_metric, sn_grc_metric_definition, sn_grc_composite_metric_definition, are shipped to sn_grc_confidentiality_configuration table. You can update and remove the user and group fields that are auto-populated into allowed users and groups of a record from this configuration.

    To know more about the confidentiality feature, see KB1218856.

    Configure confidentiality in your GRC tables

    To enable confidentiality in your GRC tables, you must perform additional configuration, such as updating the client scripts and updating access control lists (ACLs). After you update the configuration for a specific ServiceNow platform table, the confidentiality functionality can be used on those table's forms.

    For information on how to enable confidentiality in your GRC tables, see KB1497382.
    Note:
    You must log in to Now Support to view the Knowledge Base articles.
    You can also enable Confidentiality on a form in the workspace view as shown in the following figure.
    Figure 2. Confidentiality in the workspace view
    Confidentiality section in the workspace view.