Implement access control in Now Assist AI agents

  • Release version: Xanadu
  • Updated September 11, 2025
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Implement access control in Now Assist AI agents

    ServiceNow’s Now Assist AI agents use access control mechanisms to secure AI agents and agentic workflows, ensuring they align with the platform’s security standards. This is achieved through the combined use of access control lists (ACLs) and user identities, which govern who can invoke AI functions and under what permissions these functions operate.

    Show full answer Show less

    Access Control Lists (ACLs)

    ACLs specify which users can invoke agentic workflows or AI agents. Each agentic workflow, AI agent, and certain AI agent tools require individual ACL configurations. These ACLs focus solely on controlling user invocation rights and do not dictate the access permissions of the AI agent or workflow once it is running.

    • Types of ACLs:
      • Allow-If: Grants access if all conditions are met and does not block other ACLs from granting access.
      • Deny-Unless: Grants access only if specific role conditions are met and cannot be overridden.
    • ACL Options:
      • Any authenticated user – access granted to any logged-in user.
      • Users with specified roles – default option requiring role selection for invocation.
      • Public – access granted to all users, including guests.

    Each AI agent and agentic workflow must have a unique ACL to avoid execution failures caused by conflicting security settings.

    User Identity

    User identity defines the permissions and roles under which the AI agent or agentic workflow runs once invoked. Two configurations are available:

    • Dynamic user: Uses the roles of the logged-in user who initiates the AI agent or workflow. This is the default and preferred option unless elevated privileges are needed.
    • AI user: A dedicated user with assigned roles that remain consistent regardless of who triggers the execution. This is useful for scenarios requiring elevated or specific privileges.

    ServiceNow customers can create an AI user by adding a new record in the User table and selecting AI user as the identity type. User identities are configured at both the AI agent and agentic workflow levels.

    Practical Considerations for ServiceNow Customers

    • Configure ACLs carefully for every AI agent, agentic workflow, and relevant tools to control invocation based on roles or user authentication status.
    • Choose the appropriate user identity configuration to ensure the AI agent or workflow runs with the correct permissions—defaulting to dynamic user unless elevated privileges are necessary.
    • Review and coordinate ACLs across the agentic system to prevent conflicts that can cause AI agents or workflows to fail.
    • Leverage the guided setups in AI Agent Studio to configure ACLs and user identities accurately for AI agents and workflows.

    Implement security controls for AI agents and agentic workflows through access control lists (ACLs) and user identities to increase alignment with the access control-based security measures in the agentic system.

    Security for AI agents overview

    Access controls for agentic AI on the ServiceNow AI Platform comprises two major components: Access control lists (ACLs) and user identities. The interaction between these two components at the agentic workflow, AI agent, and tool levels within the AI Agent Studio influences their overall security and functionality.

    Access control lists

    The access control lists (ACLs) in Now Assist AI agents determine users who can invoke an agentic workflow or an AI agent. ACLs must be configured individually for each agentic workflow, AI agent, and certain AI agent tools.

    Important:
    ACLs configured in AI Agent Studio only determine the roles required for users to invoke an agentic workflow or an AI agent. They don't determine the access that the agentic workflow or an AI agent has once it’s invoked.

    User identity

    The user identity determines the roles that the AI agent or an agentic workflow operates with and the data it can access depending on the permissions assigned to the .

    After configuring the access control lists (ACLs), you must configure the User identity (also called as Run as) using which the AI agent or agentic workflow gets executed. There are two possible user configurations to select from:

    • Dynamic user: The logged-in user who invokes the execution of an AI agent or an agentic workflow. Dynamic user is the default user identity, and you can use the dynamic user unless there's a specific need that justifies an AI user.
    • AI user: A dedicated user who executes the AI agent or an agentic workflow with assigned roles that remain consistent regardless of who or how the execution is invoked. For example, an AI agent or an agentic workflow may need to be run with elevated privileges that the dynamic user might not have.

    If you do not have an AI user but want to use the AI user identity, you need to create a new record on the User table. See Create a user. Select AI user as the identity type.

    Note:
    • An AI user can be configured as part of user identity and user identities are configured at the agentic workflow and AI agent levels.
    • The ACLs are checked with the actual conversational user, a user who has invoked the agentic workflow or the AI agent. Once the ACL check is complete, the user identities can be applied.

    Configure ACLs in AI Agent Studio

    ACLs configured in the AI Agent Studio for AI agents and agentic workflows are role-based and are of two types:
    • Allow-If: Grants access to data or resources when all the specified conditions in the ACL are met and the ACL doesn't prevent other ACLs from granting access to the same resource even if it doesn't.
    • Deny-Unless: Grants access only when the roles meet a specified condition and no other ACLs can override or grant access to that resource.

    There are three possible options for ACLs created in AI Agent Studio:

    • Any authenticated user: Grants access to any user who is authenticated on the instance, regardless of the role.
    • Users with specified roles: The default ACL option that requires you to select the roles to invoke an AI agent or an agentic workflow.
    • Public: Grants access to all users, including guests who aren’t signed in.
    Each AI agent and agentic workflow must have its own unique ACL.
    Note:
    If there are conflicting security requirements between agentic workflows, AI agents, and AI agent tools, or if the invoking user meets the criteria for some ACLs but not others, your agentic AI fails to execute. When configuring these security settings, consider all aspects of the agentic system- including the agentic workflow, AI agents, and tools.