Configuring confidential inheritance in your tables

  • Release version: Xanadu
  • Updated July 31, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Configuring Confidential Inheritance in Your Tables

    This guide explains how to set up confidentiality inheritance for tables in the GRC application. When a parent record is marked confidential, its related records inherit this status automatically. This feature ensures that all associated remediation tasks also reflect the confidentiality of the parent record, streamlining privacy management across related records.

    Show full answer Show less

    Key Features

    • Automatic inheritance of confidentiality: When a parent record (e.g., an issue) is marked as confidential, all related records (e.g., remediation tasks) are also marked as confidential.
    • User access management: The allowed users and groups are updated based on the confidentiality configuration of the parent record and its related tasks.
    • Unmarking confidentiality: A dialog box prompts users when unmarking confidentiality, allowing them to choose whether to apply changes to related records or just the parent record.
    • Configuration requirement: An inheritance configuration must exist between the parent and inherited tables for the functionality to work correctly.

    Key Outcomes

    By configuring confidentiality inheritance, ServiceNow customers can ensure consistent handling of confidential information across related records. This capability enhances data privacy while simplifying management processes. However, it is important to note that any new related records created after marking a parent record confidential will not inherit that status automatically.

    You can set up confidentiality inheritance in the tables that are already configured in the confidentiality configuration module. In the GRC application, whenever a parent record is marked or unmarked as confidential, its related table records are also marked or unmarked as confidential.

    When you mark an issue as confidential, a related remediation task is automatically marked as confidential. For example, let's look at issue A. Issue A has the remediation tasks P, Q, and R. If issue A is marked as confidential, the remediation tasks P, Q, and R are also marked as confidential. The allowed users and groups are automatically appended based on the remediation task's confidentiality configuration record. Issue A's allowed users and groups are automatically appended to the inherited records P, Q, and R.

    When an issue's confidentiality is unmarked, the corresponding confidentiality of a remediation task is also unmarked. Let's look at issue A again. Remember that issue A has the remediation tasks P, Q, and R. If the confidentiality is unmarked for issue A, then a dialog box appears with a question about whether it's okay to unmark the confidentiality for all the related tasks P, Q, and R or only for issue A. Based on what the selection is in the following example, the related records are unmarked as confidential.

    Figure 1. Unmark confidentiality
    Unmark confidentiality.

    As shown in the example dialog box, if Include downstream records was selected, then the confidentiality is unmarked for all the downstream records. If Only this record was selected, the confidentiality is unmarked for that single record only.

    If you have access to the related confidential records and remove the confidentiality for a parent record, then the related records are also non-confidential.
    Note:
    An inheritance configuration should exist between the parent and inherited tables.

    Examples of confidentiality inheritance

    Inheritance works only at the point of marking a parent record as confidential. Let's look at the following two examples:

    1. When a parent record is marked as confidential, the related non-confidential records are also marked as confidential due to the inherited configuration. But, if a related record is added later, it isn’t automatically marked as confidential.
    2. Whenever confidentiality is marked on a parent record and the inheritance isn’t passed to the related records, the changes that are made later to the allowed users and groups of the parent record are not inherited in the related records.

    For more information about the confidentiality inheritance configuration, see KB1213404 You must log in to the Now Support to view the Knowledge Base articles.