Protecting data with contextual security rules
The first few chapters showed how data could be protected using business rules and Data Policies and that forms can be manipulated with Client Scripts and UI Policies. For example, a script can be used to ensure that you can write to a field only when the task is open. For a better experience, it'd be best to do it both on the server (to ensure that the browser didn't cheat) and the interface (to give feedback to the user). Wonderfully, Contextual Security helps with both!
ServiceNow has two different security managers. These protect data as it leaves and enters the instance. The simple security manager controls who can update a field through roles. The Dictionary entry for each field has several list fields where roles are selected: one each for create
, read
, write
, and delete
. However, this doesn't give you any flexibility over when these actions can occur. If you have the role, you can perform the action at any time.
Tip
CRUD, or create, read...