Confidential records

  • Release version: Xanadu
  • Updated July 31, 2025
  • 5 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Confidential records

    ServiceNow GRC enables you to mark sensitive Governance, Risk, and Compliance (GRC) records as confidential, restricting access to authorized users or groups. This feature helps ensure data privacy and compliance by controlling visibility of critical records across Audit Management, Policy and Compliance Management, Risk Management, and more.

    Show full answer Show less

    Key Features

    • Enable Record Level Confidentiality: This property, found under GRC settings, must be enabled to activate confidentiality on records. It is off by default and irreversible once turned on.
    • Confidential Records Module: Once enabled, confidential records appear under a dedicated GRC Confidential module in the application navigator.
    • Confidentiality Tab on Forms: Users with write access can mark records as confidential, which activates Allowed Users and Allowed Groups lists controlling access.
    • Allowed Users and Groups: Only users/groups listed here can access confidential records, provided they have appropriate roles.
    • Role Requirements: Users without standard GRC roles need the sngrc.confidentialuser role to access confidential records. Existing GRC users on the allowed lists retain access.
    • Auto-Population of Allowed Users: Users related to the record (e.g., Assigned To, Approvers) are automatically added to allowed lists based on the record type and application.
    • Email Notifications: When a record is marked confidential, all listed users and groups receive notification emails about access and role requirements.
    • Confidentiality Supported on Multiple Tables: The feature supports numerous GRC tables including audit tasks, risk events, remediation tasks, disclosures, metrics, and others, with customizable allowed users/groups per table.
    • Confidentiality Configuration: Starting with Utah release, default allowed users/groups can be customized via the sngrcconfidentialityconfiguration table.
    • Confidentiality Inheritance: When a parent record is marked or unmarked confidential, related child records inherit this status automatically, ensuring consistent data protection.
    • Workspace Support: Confidentiality can be managed directly in the workspace view for easier record handling.

    Access and Permissions

    • Administrators can view confidential records by default; this can be restricted through additional configuration.
    • Users must have either explicit access via Allowed Users/Groups lists or the sngrc.confidentialuser role to view confidential records.
    • Unmarking confidentiality removes all allowed user/group restrictions, reverting access controls to standard ACLs.

    Configuration and Next Steps

    • To use confidentiality on custom or additional GRC tables, update client scripts and ACLs accordingly as detailed in ServiceNow knowledge base articles.
    • You can create and manage confidentiality configuration records to control the default users and groups auto-populated for each supported table.
    • Refer to ServiceNow knowledge base articles (e.g., KB1218856, KB1497382) for detailed guidance on enabling and customizing confidentiality features.

    By leveraging these confidentiality capabilities, ServiceNow customers can secure sensitive GRC data effectively, ensuring compliance and controlled access aligned with organizational policies.

    You can mark sensitive GRC records as confidential. You can then make sure that the right people have access to these records.

    You can mark sensitive GRC records as confidential by setting the confidential option for a record. By doing this action, you can ensure that only certain users or users from specific user groups can access these confidential records.

    Confidentiality property

    A new option Enable record level confidentiality is available under GRC properties at the record level to enable confidentiality.
    Important:
    The Enable record level confidentiality property is turned off by default. When it is enabled, it can't be turned off again.

    The confidential records in GRC are listed under the GRC Confidential module. The GRC confidential records module is displayed in the application navigator only when you enable the Enable record level confidentiality property.

    Starting with San Diego, the GRC Confidential Records module is available for the Audit Management, GRC core, Policy and Compliance Management, and Risk Management applications.

    Unmarking confidentiality on the record

    When you unmark confidentiality on a record, allowed users and groups on that record will be removed and all the users will get access to the record based on ACL.

    User roles that are required to access the confidential records

    Users with the GRC confidential user (sn_grc.confidential_user) role can access the confidential records. This role is for the users who are not GRC users but who want to access the GRC confidential records.

    Users who have access and who are named in the record continue to have access to the record with the existing GRC role.

    Consider the following examples for different roles:
    • You are a risk user and you were given access to a risk record earlier. Now, you are part of the allowed users list for the same record. Therefore, even if you don't have the sn_grc.confidential_user role, you can access the record because you had access to this record earlier and your name is now listed on the allowed users list.
    • Your name is listed on the record, but you don't have the sn_grc.confidential_user role. You must have the sn_grc.confidential_user role first to access the record.

    When a record is marked as confidential, an email notification is sent out to the users and the user group members informing them about the assignment and the roles that are required to access the record. Every user that is listed in the Allowed users and Allowed groups list gets an email notification about the assignment of the record.

    Confidentiality tab on the form

    The Confidentiality tab on the form displays the following lists and options:
    • Confidential option: Enabling the Confidential option on the Confidentiality tab displays the Allowed users and Allowed groups lists as shown in the following figure.
      Note:
      A user with write access to the record can enable the Confidential option on the Confidentiality tab.
      Figure 1. Confidentiality tab on a form
      Confidential tab on a form.
    • Allowed users list: When a record is marked as confidential, only the users in the Allowed users list have access to the record. A user who is listed in the Allowed users list should either have read access to the record or have the sn_grc.confidential_user role to access the confidential records.

      The logged-in user who enables the Confidential option gets auto-populated in the Allowed users list. The user who enables the Confidential option on the tab is auto-appended to the Allowed users list by default. Those users with write access to the record can unlock and update the Allowed users list.

      Note:
      There are no restrictions on which users can be added to the Allowed users list. A user who doesn't have the GRC role should have the sn_grc.confidential_user role to access the record. An email notification is also sent to the user about the role requirement.
    • Allowed groups list: When a record is marked as confidential, only the users that are listed in the Allowed groups list have access to the record. Those users with write access to the record can unlock and update the Allowed groups list.
      Note:
      Confidential records are visible to the users who are listed in the Allowed users or Allowed groups list. By default, the administrators can also view the confidential records. If you do not want the administrators to view the confidential records, follow the steps mentioned in KB1497382.
    Users who don't have the GRC user role but are listed in the Allowed users list or Allowed groups list can be assigned with the sn_grc.confidential_user role to access the confidential records.
    Confidentiality is supported on the following tables.
    Table 1. Tables on which confidentiality is supported
    Table label Table name Application scope Users that get auto-populated in the allowed users list Groups that get auto-populated in the allowed groups list
    Audit task sn_audit_task GRC: Audit Management Assigned To, Engineering lead, Engineering auditors, Engineering approvers Not applicable
    Engagement sn_audit_engagement GRC: Audit Management Auditors, Approvers, Engagement lead Not applicable
    Evidence request task sn_grc_advanced_evidence_response GRC: Advanced Core Requester, Assigned To, Approvers, Watchlist, Requested on behalf of Assignment Group
    Issue sn_grc_issue GRC: Profiles Assigned to, Issue Manager, Opened by Issue Manager Group,Assignment Group
    Observation sn_audit_advanced_observation GRC: Advanced audit Owner, Respondent, Peer Reviewer, Reviewer, Watch list Users, Engagement lead, Engineering auditor, Engineering approver Assignment Group
    Policy exception sn_compliance_policy_exception GRC: Policy and Compliance Management Requester, Approver, Watch list Approval Group
    Remediation task sn_grc_task GRC: Profiles Assigned to, Watch list, Issue Manager, Issue Assigned To Not applicable
    Risk events sn_risk_advanced_event GRC: Advanced Risk Current logged in user, Owner, Approver Owning group, Approval groups
    Disclosure sn_esg_disclosure ESG Management and Reporting Logged in user, reviewer, assigned to Not applicable
    Material topic sn_esg_material_topic ESG Management and Reporting Logged in user, reviewer Not applicable
    Metrics sn_grc_metric ESG Management and Reporting Logged in user, enterprise owner, data owner Enterprise owner group, data owner group
    Metric definitions sn_grc_metric_definition ESG Management and Reporting Logged in user, enterprise owner, data owner Enterprise owner group, data owner group
    Composite metric definitions sn_grc_composite_metric_definition ESG Management and Reporting Logged in user, enterprise owner Enterprise owner group

    Starting with Utah, confidential configuration for all the Out Of the Box confidentiality enabled GRC tables except sn_esg_material_topic, sn_grc_metric, sn_grc_metric_definition, sn_grc_composite_metric_definition, are shipped to sn_grc_confidentiality_configuration table. You can update and remove the user and group fields that are auto-populated into allowed users and groups of a record from this configuration.

    To know more about the confidentiality feature, see KB1218856.

    Configure confidentiality in your GRC tables

    To enable confidentiality in your GRC tables, you must perform additional configuration, such as updating the client scripts and updating access control lists (ACLs). After you update the configuration for a specific ServiceNow platform table, the confidentiality functionality can be used on those table's forms.

    For information on how to enable confidentiality in your GRC tables, see KB1497382.
    Note:
    You must log in to Now Support to view the Knowledge Base articles.
    You can also enable Confidentiality on a form in the workspace view as shown in the following figure.
    Figure 2. Confidentiality in the workspace view
    Confidentiality section in the workspace view.