GRC: Entity Based Access release notes

  • Release version: Store
  • Updated June 11, 2026
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of GRC: Entity Based Access Release Notes

    The GRC: Entity Based Access application enhances security and access management within ServiceNow by enabling granular, entity-level access restrictions. This application controls user visibility and permissions on entities and related records, supporting compliance and audit requirements while optimizing performance and usability.

    Key Features and Enhancements

    • Audit Workspace Integration (Version 22.3.1): Audit-relevant configuration records are restricted to users with the Third Line Manager role, enhancing audit security by hiding sensitive configurations from general users.
    • Platform-wide Row-Level Query Security: All Entity-Based Access tables now enforce row-level query restrictions for list views, reports, and REST queries, ensuring users only see authorized data, improving security and system performance.
    • Preservation of Custom ACLs: Custom query-level access control lists (ACLs) are preserved during plugin installs and upgrades by deactivating conflicting platform defaults, protecting customer customizations.
    • Improved Access Resolution Performance: Optimizations reduce duplicate processing when determining user access to parent records, resulting in faster list loading and access checks without changing access outcomes.
    • Tightened Authorization on Table-Label Lookups: Display labels for Entity-Based Access reference tables now enforce read permissions, preventing unauthorized users from viewing table names in the UI.
    • Localization Updates: Translations for system messages, UI labels, and documentation have been refreshed in 23 languages, improving accessibility for non-English speaking users.
    • Record Attributes User Access Control (Version 21.1.4): Ensures users and groups referenced in record fields retain seamless access even with entity-based access enabled, reducing manual admin effort.
    • Bulk Access Update Utility with Guided Assistance (Version 21.0.2): A four-step guided process enables administrators to efficiently apply entity-based access restrictions at the record level, improving ease of configuration and accuracy.
    • Entity-Based Data Access Rules and Custom Table Support: Added support for custom tables and continuous maintenance of access restrictions on related record types, allowing flexible and comprehensive access control.
    • Notification Fixes: Email notifications on bulk utility job completions are now reliably sent, ensuring administrators receive timely success or failure alerts.

    Practical Benefits for ServiceNow Customers

    • Enhanced Security: Stronger, more granular access controls improve compliance and protect sensitive audit configurations.
    • Performance Improvements: Optimized access checks and query restrictions reduce load times and improve user experience.
    • Reduced Administrative Overhead: Guided assistance and automatic preservation of custom ACLs simplify configuration and maintenance.
    • Improved User Experience: Localization and precise permission checks ensure users see only relevant data in their preferred language.
    • Flexibility: Support for custom tables and detailed access rules enables tailored implementations fitting complex organizational needs.

    Version history for the GRC: Entity Based Access application on the ServiceNow Store.

    Important:
    For details on system requirements and family compatibility, view the application listing on the ServiceNow Store website.

    Version history

    Version 22.3.1 - June 2026 (Australia)
    • This release adds new security restrictions, performance improvements, and localization updates to GRC Entity-Based Access.
    • Audit Workspace restricts sensitive configurations: Access configuration records flagged as audit-relevant are now visible only to users with the Third Line Manager role when Audit Workspace is installed alongside Entity-Based Access, hiding them from general users to enhance audit security.
    • Row-level query security enforced platform-wide: All Entity-Based Access tables now have platform-managed row-level query restrictions, ensuring that users only see rows they are authorized to access during list views, reports, and REST queries, improving security and performance.
    • Preservation of custom query ACLs: During plugin installation and upgrades, custom query-level ACLs are detected and preserved by deactivating conflicting platform defaults, ensuring that customer customizations remain intact and clearly distinguished from system-supplied ACLs.
    • Improved access resolution performance: The process determining user access to parent records has been optimized to deduplicate matching records within the database, resulting in faster list loads and access checks without changing which records users can see.
    • Tightened authorization on table-label lookup: The internal service that returns display labels for Entity-Based Access reference tables now checks read permissions before providing the label, preventing unauthorized users from seeing table names in the user interface.
    • Localization updates in 23 languages: Translations for system messages, UI labels, and documentation have been refreshed across 23 languages, improving the experience for non-English speakers and ensuring previously missing strings are now translated.
    Version 22.0.1 - March 2026
    • Fixed: Emails are sent upon completion of the bulk utility configurations job to notify users of successful changes or failures.
    Version 21.1.4 - December 2025 (Zurich)
    • New: Record Attributes User Access control: Maintain seamless access for users and groups referenced in record fields even though entity-based access is enabled. This avoids manual configurations, reduces administrative overhead, and helps in adopting entity-based access with minimal disruption.
    • Fixed: Deactivating an Entity type configuration did not remove the EBA restriction.
    Version 21.0.2 - August 2025
    • New:
      • Continuous maintenance of access restrictions on entity's related record types.
      • Introduced "Entity based data access rules" configuration.
        • Support for enabling Entity-based access on custom tables.
        • Enabled the entity-based access admin to perform CRUD operations on the "Applicable record type" table.
    • Changed:
      • The entity access update utility experience moved from a record page to guided assistance.
      • Apply entity-based access (EBA) restrictions at the record level by using guided assistance in the bulk access update utility.
      • Guided assistance consists of a four-step process:
        • Define the scope for the relevant entities, entity types, or entity classes.
        • Scope the related record types.
        • Apply the conditions to each record type to refine the scope.
        • Review the selected records before you execute and initiate the update.
    • Fixed:
      • Entity-based access configuration deactivation behaviour:
      • When you deactivate an entity-based access configuration, the system automatically assesses the records that it impacts.
      • If that configuration is the only one restricting a record, the access restrictions are removed.
      • If other configurations also apply to the record, the restrictions remain in place and only the selected configuration is deactivated.
    Version 20.1.4 - May 2025
    • New framework to set up configurations to restrict access on entities and related downstream objects.
    • For example, restrict access to Risks and Controls of specific Locations or Entities to certain User groups or Users.