Entity Based Access

  • Release version: Yokohama
  • Updated July 31, 2025
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Entity Based Access

    The Entity Based Access (EBA) application, introduced in the Yokohama release, enables ServiceNow customers to enforce granular, entity-centric data segregation and access control. Unlike previous role-only based restrictions, EBA allows administrators to map users or user groups to specific entities, restricting access to records such as risks, controls, and issues by geographic or functional boundaries. This ensures users only access data relevant to their assigned entities, enhancing security and compliance.


    Administrators configure access by associating users or groups with entities or entity-related fields, minimizing unnecessary data exposure. Configuration is managed through the Entity Based Access Configurations module within the instance.

    Key Features

    • Granular Access Control: Enables detailed permissions tied to entities, including their hierarchical downstream records.
    • Flexible Configurations: Supports entity hierarchies, entity classes, and entity types to tailor access across groups of entities.
    • Bulk Access Updates: Allows gradual, selective application of access restrictions to large sets of records to avoid operational disruptions.
    • Dynamic User Access: Access is dynamically granted based on user or user group fields within entities, ensuring up-to-date permissions without manual intervention.
    • Automated Access Rules: Entity-based record access rules automatically enforce restrictions on new or modified records, maintaining consistent access controls.
    • Deactivation Support: Deactivating EBA disables configurations and automates record-level access evaluation to streamline administration.

    Important Considerations

    • EBA cannot be used simultaneously with User Hierarchy Access or User Group Access features.
    • Confidential users retain access to confidential records regardless of EBA configurations.
    • Performance and custom table usage limitations exist; customers should review relevant knowledge base articles for detailed guidance.

    Practical Use and Administration

    ServiceNow customers can use EBA to enforce entity-specific data access policies, particularly useful in regulated environments or multi-region organizations. The Entity Based Access record update utility assists in applying access changes across large datasets efficiently.

    Users with appropriate roles can manage and update EBA configurations and apply bulk updates. The application must be installed from the ServiceNow Store, followed by property setup in the instance.

    Supported Scenarios

    EBA is particularly effective for controlling access to Governance, Risk, and Compliance (GRC) tables and other supported objects, ensuring users see only records pertinent to their entity assignments.

    The Entity Based Access (EBA) application enables you to segregate record data based on entities. Entity-based access administrators can use this tool to set up secure, controlled access to various objects.

    Entity Based Access overview

    Before the Yokohama release, user restrictions were based only on their roles within the system without consideration for their geographical locations or specific functions. Access to objects like risks, controls, and issues was broadly managed. For example, a risk manager in North America had access to risk records across all regions, not just their own.

    From the Yokohama release onwards, Entity Based Access facilitates object access via entities. You can map entities to specific users or user groups, which gives you a granular level of access control.

    With Entity Based Access, you can segregate data and manage access to help ensure that users can only access permitted data through entity-based access. Your administrators can grant access to an entity’s related records. They can add users or user groups for access. Access can also be granted through entity user fields or entity user group fields, minimizing the risk of unnecessary data exposure.

    To use the Entity Based Access configuration, navigate to Entity Based Access Configurations in an instance.

    Key features of Entity Based Access

    Key features of the Entity Based Access configuration include:
    • Detailed control over access to various objects via entities within the system.
    • Versatile configuration options. For example, you can configure Entity Based Access within an entity hierarchy to restrict access to the entity and its downstream related records or across a group of entities by using an entity class or entity type. With bulk access update configurations, you can apply access restrictions selectively to scoped records. You can implement access restrictions gradually to help ensure smooth adoption without operational disruptions.
    • Access that is provided by including specific user field or user group fields in the entity-based access configuration. Users who are part of the configuration get dynamic access to the records.

    Key points to note about Entity Based Access

    Entity Based Access restricts users' access to records based on the configuration, as shown in the following diagram:

    Figure 1. Entity-based access security flow
    Entity-based access security flow that is described in the text that follows.
    The details about the entity-based access security flow are:
    • If User Hierarchy Access or User Group Access is enabled, you can't use Entity Based Access.
    • Confidential users can continue to access the confidential records whether or not they're part of the entity-based access configuration.
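
The rules above can be expressed as a small decision model. This is an added example, not ServiceNow code and not the product's implementation: the entity hierarchy, user names, and the functions `isSameOrDownstream` and `canAccess` are hypothetical, and role checks are left out.

```javascript
// Simplified model of the access rules described on this page.
// All names and data are hypothetical/constructed; this is not ServiceNow code.

// Constructed entity hierarchy: entity id -> parent entity id.
const ENTITY_PARENT = { global: null, na: 'global', emea: 'global', 'na-us': 'na' };

// Constructed configurations mapping users or user groups to an entity.
const EBA_CONFIGS = [
  { entity: 'na', users: ['na.risk.manager'], groups: [] },
  { entity: 'emea', users: [], groups: ['emea-risk'] },
];

// True when entityId is ancestorId itself or sits below it in the hierarchy.
function isSameOrDownstream(entityId, ancestorId) {
  for (let e = entityId; e != null; e = ENTITY_PARENT[e]) {
    if (e === ancestorId) return true;
  }
  return false;
}

function canAccess(user, record, settings) {
  // The page states EBA can't be used while either of these is enabled.
  if (settings.userHierarchyAccess || settings.userGroupAccess) {
    throw new Error('EBA cannot be used with User Hierarchy/User Group Access');
  }
  // Confidential users keep access to confidential records regardless of EBA.
  if (record.confidential && user.confidentialUser) return true;
  // Assumption: every other case is decided by the entity mapping alone
  // (role checks and other confidentiality rules are outside this model).
  return EBA_CONFIGS.some((cfg) =>
    isSameOrDownstream(record.entity, cfg.entity) &&
    (cfg.users.includes(user.id) ||
      user.groups.some((g) => cfg.groups.includes(g))));
}

// Constructed sample users and settings.
const ebaOnly = { userHierarchyAccess: false, userGroupAccess: false };
const naManager = { id: 'na.risk.manager', groups: [], confidentialUser: false };
const emeaAnalyst = { id: 'emea.analyst', groups: ['emea-risk'], confidentialUser: false };
const auditor = { id: 'auditor', groups: [], confidentialUser: true };

// The North America risk manager sees downstream NA records but not EMEA ones.
console.log(canAccess(naManager, { entity: 'na-us', confidential: false }, ebaOnly));
console.log(canAccess(naManager, { entity: 'emea', confidential: false }, ebaOnly));
// An unmapped confidential user still reaches a confidential record.
console.log(canAccess(auditor, { entity: 'emea', confidential: true }, ebaOnly));
```
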
    Important: