Content filtering for playbooks

  • Release version: Xanadu
  • Updated August 1, 2024
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Content filtering for playbooks

    Content filtering for playbooks in Workflow Studio allows ServiceNow customers to control access to playbook content based on user roles. This capability ensures users only see relevant and authorized activities, protecting sensitive or unnecessary content. Filtering is applied by defining content definitions, creating filtering rules linked to roles, and managing access accordingly.

    Show full answer Show less

    Key Features

    • Content Definitions: Specify types of Workflow Studio resources, such as activity definitions for playbooks. Definitions can include entire resources or be refined using conditions or resource tags for more granular control.
    • Content Filtering Rules: Link a single user role to a content definition to determine access. These rules control which activities a user can view and use within playbooks based on their assigned roles.
    • Role-Based Activity Definition Access: Access to activity definitions is managed via the Required Roles field. Only users with appropriate roles can see, select, copy, or modify activities.
    • Restricted Playbooks: If a playbook contains activities a user cannot access, the entire playbook is hidden from that user, ensuring complete security of restricted content.
    • Default Setup: Out of the box, there is a content definition named "Playbooks - All Activity Definitions" with filtering rules granting full access to users with delegateddeveloper or playbook.activitydefread roles.

    Practical Implementation

    • Use default content definitions and rules to quickly enable content filtering or create custom definitions and rules to tailor access to specific activities.
    • Assign roles carefully, noting that only users with the playbook.admin role can edit the Required Roles field on activity definitions, while both playbook.admin and pdcontentauthor roles can edit activity definitions themselves.
    • Grant access to subsets of activity definitions by assigning the playbook.write role rather than the pdauthor role for finer control.

    Key Outcomes

    • Users see only relevant playbook activities aligned with their roles, reducing clutter and preventing unauthorized access.
    • Playbooks containing restricted activities are fully protected by hiding them from unauthorized users, maintaining compliance and security.
    • Administrators can efficiently manage playbook content access through flexible definitions and role-based filtering rules, improving governance over Workflow Studio resources.

    Specify which content a user can access based on the user's role.

    Display only content that is relevant for a particular user, hiding content that is unnecessary or sensitive. Specify the Workflow Studio playbook content that you want to control access to and the role that a user must have to access it. For example, if a user with the guided_decision_builder role is creating a playbook, show only a relevant set of activities.

    To implement content filtering, you need:
    • Content definitions to specify types of content.
    • Content filtering rules and roles to determine who can access the content.
    There is one content definition for playbooks by default, the Playbooks - All Activity Definitions content definition. The Playbooks - All Activity Definitions content definition has two content filtering rules by default:
    • (Default) Playbook - Users with delegated_developer role can access all activity definitions
    • (Default) Playbook - Users with playbook.activity_def_read role can access all activity definitions
    This means that users with the roles delegated_developer or playbook.activity_def_read role can access all activity definitions. Get started with content filtering by using default definitions and rules, or create your own.

    Content definitions

    Content definitions specify a type of Workflow Studio resource. Resources are key elements of Workflow Studio components, such as activity definitions for playbooks. Create content definitions to include an entire resource, or use a condition builder to refine your definitions. For example, the content definition for playbook activity definitions includes all activity definitions, but you could create a content definition that includes only the activity definitions that contain Guided Decision in the Name or Package.

    You can further refine content definitions through tagging. Add resource tags to items in a resource list, then design your content definition to only include resources with that tag.

    Content filtering rules

    Content filtering rules specify the role that a user must have to access the content in a particular definition. Each rule associates a single user role with a single content definition. When a user accesses Workflow Studio playbooks, content filtering rules determine what activities the user may access based on the user's role.

    Role-based activity definition access

    Manage activity definition access by specifying the Required Roles to access an activity definition. To learn more about roles, see Playbooks roles. To learn more about activity definitions, see Activity definitions.


    Required roles field in an activity definition
    Note:
    Both playbook.admin and pd_content_author roles can edit activity definitions, but only the playbook.admin role can edit the Required Roles field.

    Restricted playbooks

    Users cannot view a playbook that contains activities that they do not have access to. When a playbook contains restricted activities, the entire playbook is restricted.

    Table 1. Access summary
    Resource filtered User has role User does not have role
    Activity Definition
    • The activity definition is visible to select when building a playbook.
    • The activity definition can be copied.
    • The activity definition can be modified.
    • The activity definition is hidden and cannot be selected when building a playbook.
    • Playbooks with the activity definition are not visible.

    Design considerations

    Content definition roles for activity definitions
    Give users access to the subset of activity definitions in a content definition by assigning the playbook.write role, not the pd_author role.