Key advantages

Sensitive Info Agent role

The sn_uni_req.sensitiveinfo_agent role controls who views and acts on the universal requests that have sensitive information. Only the UR routing agents from the current assignment group with the sn_uni_req.sensitiveinfo_agent role, and the primary ticket agent can view the complete details of the ticket.

For example, if an HR case (primary ticket) is created for a universal request, then only the HR routing agent with the sn_uni_req.sensitiveinfo_agent role, or the HR case agent can view the complete details of the request, such as the short description, description, attachments, and comments.

An agent without the sensitive agent role can access only the primary information of the request. The secured fields (short description, description), attachments, and comments in the activity stream are hidden.

Application Administration enabled scoped application

Universal Request is an Application administration enabled application. If you are configuring your service that is also an application administration enabled application or has it's own security modal, then you must register your application. For more information, see Register application administration enabled scoped application. This ensures that the security is maintained within the universal request.

Raising a sensitive universal request from the portal

When requesters create a request using the Request Help option on the Service Portal, Employee Center, or Mobile app, then they can secure the information provided as sensitive.

To help requesters identify sensitive information, a knowledge article is provided on the Request Help page. After determining if the request is sensitive, they can select the Issue contains sensitive or confidential information check box. If the check box is selected, the requester can select the department to which the issue might belong, or choose the I'm not sure (general submission).

If the Predictive Intelligence for Universal Request [com.snc.universal_request.ml] plugin is installed, then the department is auto-selected, and the requester is notified about the selection. For more information, see Activate Predictive Intelligence for Universal Request. The requester can then choose to override the suggestion. On submission, this action creates a universal request marked as Restricted.

At times, agents can also create a request from an interaction, a call, or from the Self-Service module. In such cases, the agent can mark the request as Restricted.

Agent experience of UR security

Any agent can view the list of universal requests that are marked as restricted. However, only the service-specific assignment group agent or the agent who have access to sensitive requests can view the detailed information. While triaging, any agent who views the request and identifies that it has sensitive information can mark it as restricted.

If the Predictive Intelligence for Universal Request [com.snc.universal_request.ml] plugin is installed, then UR with sensitive information is automatically identified and marked as restricted and only agents with sn_uni_req.sensitiveinfo_agent role can access and work on the request.

However, only the service-specific assignment group agent or the agent with the role to access a sensitive request can mark it as unrestricted. For more information, see Restrict universal request access or Mark universal request as unrestricted. You can mark a request as restricted or unrestricted directly on the universal request or from the primary ticket.

Transferring a restricted request

A restricted request means the parent universal request is marked as restricted. When a primary ticket of the sensitive universal request is transferred to another department, the security controls are also transferred, as the assignment group of the UR changes.

COE Security

COE security policies are a way to easily restrict access to different COEs via configuration. The underlying COE security policy implementations are ServiceNow ACLs.