Exploring Access Analyzer
Summarize
Summary of Exploring Access Analyzer
The ServiceNow Access Analyzer is a powerful application designed for administrators to analyze and view permissions associated with users, roles, or groups within the ServiceNow instance. It does so by impersonating identity records to retrieve permission details without storing any personal or sensitive data. This tool ensures consistent evaluation results that are unaffected by access policies like Zero Trust Access (ZTA).
Show less
Key Features
- Evaluate Access: Administrators can view permissions related to various resources including tables, client callable scripts, UI pages, and REST endpoints.
- Compare Access: This feature enables the comparison of user access levels and roles. It includes:
- Level 1: Comparison of user records to check attributes, roles, and groups.
- Level 2: Analysis of access controls to identify and resolve access issues.
Key Outcomes
- Enhances security posture and identity governance.
- Facilitates compliance goals by understanding access levels.
- Prevents over-provisioning of permissions, supporting the principle of least privilege.
- Enables focused access control to specific data resources.
- Provides reporting capabilities to clarify access evaluations.
Analyze identities on the ServiceNow instance.
ServiceNow Access Analyzer is an application that helps the administrators to view permissions for the selected user, role, or group.
- Access Analyzer is a ServiceNow Store product. Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store.
- Access Analyzer impersonates the identity record to retrieve details about the permissions and doesn’t read or store any personal or sensitive data of the identity.
- Access Analyzer evaluation results are the same irrespective of any access policies defined for the users such as Zero trust access (ZTA). The policies are only evaluated during the actual user login and aren’t evaluated during the access analyzer flow.
- Access Analyzer has limitations in accurately evaluating access of the resources related to managed scope resources and delegated developer.
Evaluate Access
Evaluate Access is a capability of the ServiceNow Access Analyzer, which helps the administrators to view permissions for the selected user, role, or group.
It enables you to analyze and view the permissions of users, groups, roles for a table, client callable script includes, UI pages, and REST endpoints.
Using Access Analyzer, organizations can improve their security posture, identity governance, risk management, achieve their compliance goals, and understand who (identity) has access to what (resources).
Compare Access
Compare Access is a capability of the ServiceNow Access Analyzer V2, which enables administrators to compare user access and determine the right level of access for the users on your ServiceNow instance.
Compare Access can be perform between the users for the user records and access control.
Compare Access enables you to perform the following analysis:
- Level 1: Compare user records to understand the attributes, roles, and groups.
- Level 2: Compare access controls to run the root cause analysis by finding access issues.
Benefits
The following are some of the benefits of using the Access Analyzer:
- Analyze access to resources (tables).
- Compare the access of 2 users.
- Compare the roles and groups of 2 users.
- Generate a report showing whether an identity has access to a resource (table).
- Understand who has access for critical security hygiene.
- Help to prevent from over-provisioning permissions.
- Achieve the least privilege principals when implementing access controls.
- Limit access to certain data, which includes applications, tables, rows or columns, and other resources.
- Provide reporting capabilities for the analyzer results.
- Compare access between user records and access controls.
- Determine the right level of access for users on your ServiceNow instance.