Exploring Access Analyzer

  • Release version: Yokohama
  • Updated January 30, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Exploring Access Analyzer

    ServiceNow Access Analyzer is a ServiceNow Store application designed to help administrators analyze and view permissions for selected users, roles, or groups within their ServiceNow instance. It impersonates identity records to retrieve permission details without accessing or storing any personal or sensitive data. The tool evaluates access independently of active access policies like Zero Trust Access, focusing strictly on permission analysis rather than login policy enforcement. There are some limitations related to managed scope resources and delegated developer access.

    Show full answer Show less

    Key Features

    • Evaluate Access: Allows administrators to analyze permissions associated with users, groups, and roles across various resources such as tables, client callable script includes, UI pages, and REST endpoints.
    • Compare Access: Enables comparison of access between two users, including their records, roles, groups, and access controls. This supports root cause analysis to identify access issues and determine appropriate access levels.

    Benefits

    • Improves security posture and identity governance by clearly showing who has access to what resources.
    • Helps prevent over-provisioning of permissions, supporting the principle of least privilege.
    • Enables limitation of access to specific data elements such as applications, tables, rows, or columns.
    • Provides reporting capabilities to document access analysis results.
    • Supports compliance and risk management objectives by clarifying user permissions.
    • Facilitates determination of the right level of access for users, enhancing access control accuracy.

    Analyze identities on the ServiceNow instance.

    ServiceNow Access Analyzer is an application that helps the administrators to view permissions for the selected user, role, or group.

    Note:
    • Access Analyzer is a ServiceNow Store product. Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store.
    • Access Analyzer impersonates the identity record to retrieve details about the permissions and doesn’t read or store any personal or sensitive data of the identity.
    • Access Analyzer evaluation results are the same irrespective of any access policies defined for the users such as Zero trust access (ZTA). The policies are only evaluated during the actual user login and aren’t evaluated during the access analyzer flow.
    • Access Analyzer has limitations in accurately evaluating access of the resources related to managed scope resources and delegated developer.

    Evaluate Access

    Evaluate Access is a capability of the ServiceNow Access Analyzer, which helps the administrators to view permissions for the selected user, role, or group.

    It enables you to analyze and view the permissions of users, groups, roles for a table, client callable script includes, UI pages, and REST endpoints.

    Using Access Analyzer, organizations can improve their security posture, identity governance, risk management, achieve their compliance goals, and understand who (identity) has access to what (resources).

    Compare Access

    Compare Access is a capability of the ServiceNow Access Analyzer V2, which enables administrators to compare user access and determine the right level of access for the users on your ServiceNow instance.

    Compare Access can be perform between the users for the user records and access control.

    Compare Access enables you to perform the following analysis:

    • Level 1: Compare user records to understand the attributes, roles, and groups.
    • Level 2: Compare access controls to run the root cause analysis by finding access issues.

    Benefits

    The following are some of the benefits of using the Access Analyzer:

    • Analyze access to resources (tables).
    • Compare the access of 2 users.
    • Compare the roles and groups of 2 users.
    • Generate a report showing whether an identity has access to a resource (table).
    • Understand who has access for critical security hygiene.
    • Help to prevent from over-provisioning permissions.
    • Achieve the least privilege principals when implementing access controls.
    • Limit access to certain data, which includes applications, tables, rows or columns, and other resources.
    • Provide reporting capabilities for the analyzer results.
    • Compare access between user records and access controls.
    • Determine the right level of access for users on your ServiceNow instance.