Chapter five, administration of core application. In this chapter we'll be talking about policies and interactions, security parameters, and even the notifications, policies and interactions. Ui policy. A UI policies an alternative to client scripts, where in a rule is applied, that dynamically changes the data within a form, or in many cases changes the complete form itself. These sophisticated controls are added easily at client side, which is the browser and if implemented, changes are needed to be reflected across all views. They can be set to global on a form field.

Ui policy may be used to set it to optional or mandatory then visible or hidden or editable or read only. Once a UI policy saved a new UI policy Action List gets displayed. Data policy, a data policy facilitates the administrators to set field states as mandatory or read only. This ensures data consistency and standardization across all applications. Data policy is similar to UI policy, except the fact that UI policies are imposed on only on data passing through browser or user interface. Data policy, as the name suggests, imposes requirements on feed and record data when it is imported into ServiceNow.

Instance, or data from an external system is submitted to it via import sets. It doesn't apply to list. It is worth noting that UI and data policy don't get rid of security parameters, but rather focus Cuz I'm administering user experience. Ui action. Ui action provides the way user interacts with the form through inclusion of context menus, buttons, links, etc. Ui action customizes the form catering to specific user names.

These context menus, buttons and other elements can be scripted, making them more powerful and functionally mature. Several UI actions include combinations form links under the Related Links option, then form context menu by right clicking the form header and getting to that option. List buttons list links under the related links at the end of the list. List choices available at the end of the list and list context menu which can be accessed by by clicking a record UI action form, it is a variable under system UI. And within the UI actions module, a user can put buttons in the banner at the top of the list, or at the bottom of it using different available controls within its form. For banner buttons, user will have to check the list banner button checkbox.

Why interpret burn at the end of the list? check list bottom button checkbox. The UI action becomes active and is executed only if the active checkbox is marked. Show update checkbox shows a button on existing records, while show insert checkbox upon checking shows button on new records that haven't been inserted yet. Order field as other forms defines the sequence as to when a UI action will display UI actions with smaller order number displayed for the larger ones. business rule, a business rule is a piece of JavaScript code designed to run.

When a record is created, updated, deleted, displayed, or when a table is query the con. It can be customized to run before or after the database actions have occurred. business rules are the most common ways of controlling the behaviors of ServiceNow application. business rules are initialized and loaded at the beginning of each interaction between user and service now, a user may set global business rules which can be leveraged repetitively by multiple scripts, ignoring any underlying conditions within them. Each business rule have common parameters to be set by users, such as which table to execute upon timing of execution before After the database operation, conditions to be validated, which script to run based on the validated condition, and if it is client callable or not. If client callable setting is checked, the client can use Ajax or web technology to call that specific business rule.

A script can be viewed by scrolling down the business rule form under Advanced section. business rules are simply accessed by going to system definition and within the business rules module. The list containing all business rules is shown here. By default, the following fields are available within business rules list name, name provides the name given to the business role. table shows the table on which business rule is applied when this is visible when the business rule form, and specifies the type of business tuition for business with reference to the database operation, business route can be set to perform before display async or after the database operation. Active.

It confirms that the business rule is active or not order it shows the sequence in which business rules should run. In case of multiple rules, the one with the lowest order number will execute first updated shows the last data time when the business rule was updated. process flow of business rules. business rules differ from clients grips on the fact that they are constantly applied to records no matter where their access from like forms list or web services. Unlike client scripts, which are only implied through form editing, business rules don't work in real time as well. That is neither they want to form fields nor records while they are being in added or updated the wind farm leader displays a crucial role in customizing settings for business tools.

The different options provided in business rules form for the same are described in here. After after condition, let's execute the business rule after a record is saved into the database async or cute? In this arrangement, the client and the server work independently and interdependency to wait for each other is finished before before addition, lets us execute the business rule before a record is saved into the database display. This property is used to build client scripts that require Server data through shared scratchpad object called g underscore scratchpad. Which is not part of the display record. This scratchpad object is also sent To client as part of the forum global business rules, a business rule is set to global by choosing the table field as global, marking the business rule as available to all tables within ServiceNow.

It is not recommended to have global business rules, but rather use script include, which are loaded upon users requests. There are business rules loaded and initialized before the start of any interaction between user and platform. The condition field in global business rules is ignored, making it run on every interaction, no matter empirical script incorporated in it possibly contained within functions. This system resources making it slower and efficient. global business rules which have scripts within functions can be called by other scripts that may be running elsewhere. The best possible use case for these is to define functions repetitively used by different scripts.

Both client scripts and business rules are common methods to control the behavior and set values automatically. However, each offers their distinct features and advantages. The major difference among the two is that while business rules are constantly applied to records by any means, such as Forbes, list or others, clients prefer applied only when access through forums. scripting ServiceNow uses software as a service model where a web browser acts as the client. A client is an application or system which acts as a server to use the functionalities provided by a server. On the other hand, is the computer program running one or more services.

Blindside scripts are usually synchronous does Making the user wait to complete round trips before between the client server interactions. Client script client scripts refer to the JavaScript code snippets that are sent to a browser and are executed there itself. Rather than on server. A client script is used in case of database lookup is required. They make changes to the appearance of a form by displaying different set of fields based on the value entered by user for specific needs. There are different types of client scripts for console edit, the client script can be set to fire up on sell edit, to respond to the user list editor.

Deus script would run whenever a cell on the list gets its value changed. On change. These client scripts run on specific widgets of the form and are executed only when the specified widget changes its value On load unload client scripts run once the form is first loaded, but the control is not yet given to the user to start tacking on to it. These are usually used to make changes to a document on screen at client side. on submit, this type of client scripts runs when a form is submitted. These scripts are mostly used to check the validity of content added to the form.

They may cancel the submission action to perform by returning the value as false if the content validation of the form fails. Additional information there are various areas where ServiceNow administrators can use JavaScript code. These include UI policies, UI actions, business rules, client scripts, UI macros, UI scripts, UI properties, and UI pages, among others. basic architecture General architectural view for scripting is shown in here. The client system only contains web browser. The application server along with database together constitute the data center.

Client scripts run on web browser that is the client side, while server scripts run on server machines, including the database, sample use case 5.1. In this use case, will create and modify UI policies, UI policy actions and UI actions alongside will create and test business rules as well as client scripts for this, let's open any incident and in here, like let's go to incidents instead of going here and oh, and okay sample incident and make sure That you have subcategory fields available below the Category field, right you'll be concerned with these two fields in in this particular exercise. Okay, in case it is not visible, then you have to go to the context menu go to configure. And from there the form Layout option and you can get the subcategory field as well. Okay, now, we create UI policy which will hide the subcategory field anytime category is selected as database.

So currently, the form remains as is with the change of category value. So for this context menu within incident form, we go and choose configure, and in there the UI policies. Okay. The UI policies list gets displayed and let's create a new UI policy by clicking New And adding a few details. So we're gonna put it as incident itself. And let's put a short description sub category when that category is database, okay, and know when to apply.

Within this we are going to add the condition, which is gonna be category is database. Okay, now we're going to save this form and the UI policy has been created successfully. Now we create a UI policy action. So for this we're going to scroll down and see Check the UI policy action window, which is right here. Okay, now we're going to create a new UI policy action. So we're going to hit the New button.

Now, we have the form available. And we're going to add a few details like field name, you're going to put it as subcategory right here. Okay, then do you want to put it as mandatory? And now it's not mandatory? visible? Nope.

You don't want it to be visible. And that is pretty much it. Right? Do you want to read only, I mean, let's leave it alone. And we're gonna hit submit. Now, the US policy, and its corresponding action have been saved.

Note, one UI policy may have several UI policy actions associated with it. Now to confirm with the new UI policy is working correctly, right? Let's hit update or Well, that's not needed. But we are out of the UI policy form that we had. So to test, we're gonna create a new incident. Right?

And we have all these options available right now. So we are going to put it as anybody like all the stuff, you know, the mandatory fields you're going to put data for. And for the category, let's pull this database and you'll see as soon as you did that, the subcategory field just vanished. Right, this action is rewarded as soon as the categories change to anything else besides database, let's say network, you see the subcategory p gets visible right away. Okay, so fairly simple. And that's how the UI policy in the unit policy actions are maintained within ServiceNow.

In the next part of this video, case will update a UI action to add a Save button to every form available within ServiceNow. So for this, the first and foremost step is to find the UI action responsible to save the form. And let's stay on it. And to do this, we're gonna go to, I didn't want to save this. So within system UI, we go to UI actions. Yeah, I didn't want to save this.

So that's okay. and search for the keyword. In here in the name, we're going to put it as something like Star sale based on the wildcards in everything. Okay, and you can see once you chose like the field where you want to perform the search, automatically that keyword is added into the into that particular header as well. flow, right? Only those same options are being shown.

Now let's open the Filter Expression builder by clicking this to try icon and in here instead of name, let's see the end of the list and short lead fields. Right. Okay. All right. Now, again, we're gonna go to the first condition and in here, we're gonna put it as table is global. Okay, and let's take comments contains Text Editor.

Okay, once this resulting list is displayed, open the record where comments says saves a new record. This one, right and redirects back to self. The context version, let's open this. Now in the displayed form, check the Form button as shown this one, the Form button, you're gonna select it, hit update. The UI action has now been successfully updated to include the Save button on every form. To verify this, go to incident.

Alright, go to create new and check the Save button. In the top right here. Okay, so in the next section, we create a new business rule. The business rules will facilitate display of an alert that says hooray incident has been submitted successfully. Let's create a new incident by getting to incidents create new, we are already there. And within the context menu, choose configure business rules right here.

Now in the available business rules, we are gonna create a new business rule and we're going to add a few details like the name is gonna be incident. Submit, alert. Okay and under when to run. We are going to check the insert box Anytime the insertion operation for a new incident will be taking place, then this business rule would be triggered. Okay, now, scroll down and within the actions label, we are gonna check, add a message, this checkbox, and we're gonna add the message as re incident has been submitted successfully. Right now we're going to hit submit.

To test this business rule, we'll create a new incident and enter the values for required fields at least. And we're going to hit submit and see if that the message that we just gave was actually going to be displayed or not. So put anybody you The color subcategory, let's say email short description, samples short chicken error. For submit, right, we're gonna hit submit, and you can see that it has been submitted successfully. Right now, in this section, we'll deactivate the newly created business rule and create a client script that will display the message stating that incident shall be logged after the knowledge base has been reviewed for potential solutions. Right.

So to accomplish this, we open the newly created incident again, let's see this one. And from the context menu, we're gonna go to configure and in here business rules. Okay, now over the displayed list, click the updated column to arrange all of these newly created incidents or incidents in terms of in like descending order of their updated date. Right. And we are going to open our incident submit alert, which we just created. And we're simply gonna uncheck the active button, right and the business rule is being deactivated.

Now, once this is done, we're gonna hit update. And this is done. Now to create client script, we go to incident and create new. And within the context menu, we go to configure. And in there we have the client scripts, just below the controls. Be open that now we're going to create a new script by Clicking new button right here.

And we have the form in front of us and we are going to add this the like with the particular details name, let's put it as knowledge base check, Eller, and the type is kind of the onload. So whenever you know the incident form is loaded, and in the script function we have the function onload. And this is where a little bit of, you know the Java scripting comes handy that but it's fairly simple, we're simply creating an alert. So, we're gonna put it in single quotes we put these alert as the it's a function or it's a keyword which is understood by the surface now on The JavaScript application to predefined function. And we're going to put it as incident shall be logged after the knowledge base has been reviewed for potential solutions. Okay, and a user may use the check syntax button, which is this one.

And we can with this checks index button, we can test the syntactical validity of the script. So if we do that, and looks good, right, and once we've added the script, we're gonna hit submit, and the script has been successfully created. Now to verify that it works fine. We are gonna go Incidentally, we're going to create a new incident. And whenever we go there, we get this notification saying that incident shall be locked after the knowledge base has been reviewed for potential solutions. Right.

Now to activate the client script, we're going to follow pretty much the same steps that we did, which is we go to incident create new. And then within the Configure, we go to client scripts. And you can again, use the same either you can search it with the name, or if there is, there is no updated columns, so that's totally fine. And we're gonna choose knowledge base checker, that was the name. And in here, we simply remove the active button and hit update. So the client script as you can see, if you're going to create a new incident, then that client script is not triggered anymore.

Right because it has been deactivated security parameters. In this section, we'll discuss the security of application and their underlying modules. ServiceNow provides various levels of control to provide access to relevant users for its features. An end user can create, read, update, or delete. We call this crude and we can perform these operations on a table and its records based on following access abilities. First, user authentication or login.

And users are authenticated based on user credentials and are assigned to their designated groups and roles. Second, application or module access. This is controlled via roles configured at application and module level. And last is table and field access. This is controlled by the system properties defined globally along with the table and field level access controls. Note in case row and field level rules are contrary to each other, both must satisfy to perform the operation.

Access to applications and modules is regulated but roles field as you can see in here, and in case it is left blank at the module level. Any user with access rights to application can also access the module. Security modules. There are three major security modules typically used by administrators within ServiceNow. These are under System Properties you have the security and this module incorporates advanced security options. For example, embedding scripts and customizing options attachment file size limit minutes and behaviors etc.

Next, under the system security application, the access control ACL. This module controls the access control rules and list and last within the system security application the high security settings. This module provides even higher security options usually configured for highly critical deployments. Contextual security, contextual security is prescribed by access control rules, which are accessed within system security and under it the access control module. The features within contextual security are propagated throughout ServiceNow platform. These access control rules are used to control every level in ServiceNow object hierarchy.

For example, a user can read right update or delete data only if access controls to grant user roles to these operations are set in place. Contextual security provides protection to records based on its contents. By adding roles to appropriate dictionary entry via security manager, we can secure tables and fields. Through the contextual security manager system looks for access control rules on fields or tables, and can use rules to implement them. For example, assigning a limit to attachment size, and specifying the acceptable file format. Access Control.

This is the rule assigned at the row level. The record and column level the field which gets executed while any table is accessed. The access control list ACL contains all access controls for a table Each access control defines the record or table type, the operation that is being attempted to secure and a unique object ID. ACL is implied on a table and in context with its data. Note, access controls implement most of the security settings for ServiceNow platform. And access control consists of two parts.

Firstly, the description of entity being secured, which is the table or the record, and secondly, the description or rights required to access that entity. The features of ACL include first, a secure mechanism to create read, write, or delete operations for rows or columns of ServiceNow tables. Second, inbuilt flexibility where user defined several components and evaluate them to be true Last, the efficient management through contextual security manager ACL rules. ACL rules control the data accessibility for relevant users along with the methodology to access it. These rules require users to pass certain requirements to access particular data. Each ACL rule identifies the object being secured along with its access permissions.

The access form pretty much looks like as shown in here. As for the definition as well, there are three ways in which ACLs are defined. First is roles. Under the required roles label, a user may put certain roles and users who have at least one of the mentioned roles will be able to perform requested operation second conditional expression below require growth section. The access control form contains a condition widget where conditions that user may want to impose on ACL can be added. Only those resources which meet the prescribed condition can perform the operation.

An example of a conditional expression may include category to be database. Last is script. Customize user scripts can be added to ACL form. The area to add script gets visible only if the advanced checkbox in the ACL form is checked. Script accesses the current record and sets a global answer variable to allow or deny the operation. Note all the three mentioned checks must evaluate to true to perform requested operation.

Wildcard, a user can put wildcards the asterisk into the name fields of ECM form, which will imply that the rule is applicable to all fields of the table other than the ones with their explicit rules. And in here as shown in the picture, the asterisk wildcard allows user to save this template, all fields within incident table. In many cases, the ACL form would specifically include the field names such as incident dot urgency, or you know something like that, wherein users can perform operations only to be providing free like urgency in the case that I just mentioned. In case of conflicting multiple rules, explicit rules take precedence and operation is permitted accordingly. Example for page level access to incident dot urgency field allowing only admin role you user's to write to the field versus our role level access on entire incident table allowing write operations on all fields, the former explicit rule will proceed or the latter.

This means the right operation to urgency field within incident table will not be true for all users. Only the admin users will be able to do access control workflow. Once the user wishes to access an object, system checks for its corresponding ACL rules. If no ACL rules match, the security checks are not needed and user is simply granted the access to it. Also system provides access control rules to restrict access to all database and personalized operations by default. After a match is found for ACL rule, the user is evaluated for the required permissions that is Does the user possess required rule or meet the condition and execute the script?

If all rules are met, user is granted access to the object. In case any rule permission is not met, the access to the object is denied for the user. No note the sequence of execution is influenced by the order field value. ACL matching ACL rules are executed by first checking the object match against field ACL rules and then against table is your rules. For the former option, which is the field ACL rule match, the order follower is as follows. First, the table and its field name is matched example incident color.

Next, the parent table and the provided key name is matched example the parent table for incident is gas so gas color color. Next, any table that is a wild card and the provided field name is matched example asterisk color. Next table and any claim is matched example incident dot star. So all the fields within the incident table in this case. Next, the parent table is matched with any field. Example tap dot star.

And finally, any table is matched with any field example asterisk dot asterisk. One, any evaluation results to true ServiceNow stops easier route processing and passes on to table ACL rules. The user must pass both ACL rules and evaluated for permission to be granted access to the object high security settings for an ongoing ServiceNow session, a user can be granted Security Administration role. This is enabled by clicking this padlock icon on the banner frame. And features for the security administration role include the ports one is a single streamlined interface with consolidated system security parameters. Second, a security underscore admin role addition and last elevated privileges provision.

Additional Information Security Administration row corresponds to ACL modifications, which adds a key system level ACL and alongside provides property access control. Sample use case 5.2 in this use case will provide access to an application and module to a specific role. Alongside will create access controls rule to allow as well as restrict read access for rows or columns. So firstly, we'll create a new user called z Nic user and a new group called z RTA users. And later we'll assign this group to a new row. And we're going to call this new les z prototype underscore read.

So first, to create the user guru user administration. And within it the users, let's see users right here. And because we have to create the new user, so we click New. Now, you're going to add some information to this new user forum. So for user ID, let's put See, Nick dot user. First Name is kind of be Nick.

And last name is user. Let's put the password as password as I always do. And let's put email as See, Nick, dot user for va.com. And etc. So if you remember in the previous use case we added Save Current to all the forms so we can simply save it from here. Okay, and you see that you get a new like primary email device created for the user.

This notification should be displayed, which confirms that the record has been saved. Now we're going to scroll down to the groups tab. Right here and we're going to create a new to the new group we are going to add the name as z RPM users. Okay, and that is pretty much it, we're gonna just hit Submit in here. So you can see that the user the group ID belongs to have been successfully created. However, there are no rules assigned to the group yet.

Next, let's restrict the access to application the sap prototype application if you remember to just admin role and for this search for SAP keyword, if you remember, in here, right and right click on it guru edit application menu. Now in the content frame, choose the Edit option, which is besides the rules field. Currently, because it's in a totally different application, we have to put it in the global application. And to do that, we simply click here, and now this form becomes editable. Okay, now, we're going to edit the roles field. And in here, let's take this out.

And you see on top we have the admin role in here. So just put it in the selected pane. And that's it. All we do is hit Done. And since we can see that now the roses admin, all you have to do is hit the update column. This will save all the recent changes we just made.

Now, we're going to scroll down to the application form and click this V RP prototypes module right Because the application currently has two modules, and we're gonna get in here. And now, two, we're gonna, first of all, click here to edit this record to make it editable. And this is actually like the scope of the application, we have to increase it in scope to be able to make any edits to the forum. Right. So once this is done, then within the module form, we are going to click on Edit option next to the roles field in here, okay, and you're gonna remove the current user. And that's it.

You're going to hit done, and we're going to update so now, like all the what we have done is we In the module, we don't have any restriction, right, but at the application, all the admins can access the application. So if what we have done within the ServiceNow is that anybody who has access to the application will automatically have access to that module as well, because module doesn't have any specific conditions on its own. Right. Now, we are pretty much done in here and to see if the security setting that we put is working fine or not, we have to impersonate as Nick user and try accessing the sap application. Let's do that. Let's search for Nick user.

Ivrs here So if you see, we don't have the sap application available in here. Right? That means because Nick user is not an admin user yet. Okay, so means our restriction works perfectly fine. In the next section, we'll create a role called z prototype underscore read and assign this role to the Z RP users group. So to do this first, let's impersonate back to the system administrator.

And now in the user administration, we are gonna go to the rules. Okay, and since this is gonna be a new role, so we're gonna hit New and as I mentioned before, the name is gonna be see. prototype underscore drink. Okay, nothing else is mandatory. So just hit submit, and the new role has been created. Okay.

Now to assign this to group, we go to user administration and within into groups, you can see it right here itself. And in here we have the Z RPA users group. This one, so we're gonna open it, and we're gonna, in case needed, we're gonna scroll down and we're going to get to the Rules tab. We're going to hit Edit button in here. And the one that we just created the room that we just created, which is the prototype underscore Redrow, we're going to add that. So it's right here.

Just get it to the VIP users group. Stand up and go up and hit save. Now you can see that you're adding roles introductory to scenic user, because that was the only question He was part of that group and their role that means for the whole group, the RT users to this whole, the role that we just created has been added. Right? This is like the inherent feature, right? We already discussed this before that all the users within a group will automatically get access or those roles, those privileges, which are added to the board group.

And this is a very good and neat way of doing stuff as well. Okay, so to add the Z RPA, to the prototype read role to the SP application itself, search for the application in the application navigator, which is SAP ation. And we're again going to choose the editor application when you write in the displayed form. We the edit the roles field value, choose the zebra type read role. So we can again, edit it and we have The admin role as a PM, you're gonna team that out. And zipporah Creed role is what we're gonna put in there.

Hit Done. Okay, and we're going to save this we're going to update it as well. So edit it. And now you can see the role has been successfully added to the application as well as to the group. Now, to test the Configure security parameters, we are again gonna impersonate back as Nick user. And we're going to see if this time we have the access to the sap application or not.

You can see as it is already there. And despite the accessibility to application, user cannot access its underlying data, that is z RP prototypes module. And message saying security constraints prevent access to request a page will be displayed like this. Now recreate read access rights for the table, which will have like the RP prototype is the key word. And for the role z prototype underscore read. So for this, let's impersonate back to system administrator.

And also will create ACL rules for which security admin role needs to be enabled. Right. And for this, the first and foremost thing we need to do is click on the padlock icon which is on the parent frame next to the impersonation icon. We select the security admin role and we hit OK. You see that now the padlock is open, which means the security admin role has been granted for this particular session. Right. Now, after this, we go to we search for ACL and we go to system security and within it the access control.

And in here, we're going to search for RPA. So this is the one and this is Gonna make changes to the one with whether operation is read. And the table name is the Z RP prototype. Right, that's what it ends in red. So I'm going to click on this to open this particular record. And I'm going to scroll down to see the required roles available as of yet, right in case we need to make any changes, we have to click here.

And now, once we go down, we see that required roles in here, we simply double click here to edit this and we are going to add our role, the role that we just created. Right. So kind of the deeper dive and discovery and we just save it and screen and to update Click on the Update button. Okay. So, we have got the new role added within our ACL rule now, and to test the same again we are going to impersonate back to the NIC user right. So, we go there and now we go for our SAP application and within it the CRP arrives and you can see that this time, you get to see all the data within the CRP prototypes module.

However, if you open any record, then you only have read only access right. So this can be confirmed again, if you open any of the records and you can see that the security parameters are all correct and are in place. Now, in the last section will create security parameters for Key level accessibility. In the first section, let's, let's create access control through to make our Gen Z field in an incident form visible only to administrators. Right? That's what we're going to do.

So we're going to impersonate back to our system administrator. And we're going to make sure that our security admin role is active by clicking on the padlock and hitting ok by checking the security admin role. Now, we're going to go to incident and we're going to create a new incident. Right? And in here, you can see that you have all these fields available, and you have the urgency field as well. Right.

So what we're going to do is we're going to right click on the urgency label, right, which is right here, and we're going to choose configure security option right Now within the security mechanic window, we choose read option in this operation to secure field. Right. And in the selected panel here, we are going to send the admin role. Okay, now we're going to hit OK. And just a quick thing to note that the notification displayed below shows that existing rule rules on incident may override this definition. And this simply states that there may be restrictions such as role level, which may hinder data accessibility to certain user groups, despite the new security parameter being set up. In other words, both role level and field level rules must be met to gain access to the specified operation.

Okay. Tip complete, one is complete, you simply can click Close here. And at last, let's create another access control through to make open by field, this field and a table only by admin role. Right. And I guess you can do that. That's a quick exercise.

That in case the open by field is not available, first of all, you can go to the Configure option and in the form layout, you can get this field. And to make this field editable only by the admin people, we go to configure security, right, instead of in here, the operation we're gonna choose the right operation, which will be secured the admin role, and we're gonna hit OK. I hope you guys got it. So we're gonna close it, and pretty much all set. Now once saved, we can close the security mechanic window and everything is done and Security parameters for field level access have now been configured successfully. Now to verify impersonate as any user, other than the ones with admin role assigned, and open any incident, check that the form display doesn't have urgency field wide open by field is non editable.

You can check that out yourself. Events and notifications, events and notifications will provide user with acknowledgement messages to confirm successful or unsuccessful operations carried out by them. An event refers to the indication for service now process that some action has taken place even can be caused by one of the two following reasons. First, user actions operations such as logging into the ServiceNow environment, approving or denying catalog or service requests Attachment modifications etc. And second is scripts, which includes the business rules and workflows. ServiceNow provides a series of baseline events, which includes more than 275 events already configured to the application instance at user's disposal.

All these events have a standard response associated with them. possible options among these responses include changing the value of field within records, creating new record altogether or simply logging a message. At each moment information, all event definitions can be found under the performance analytics application. within it, we have the system option and then the event registry module. And they exist within the event registry table which is sis event underscore register. Event Log service now A log of all events generated within the instance these can be accessed under system policy and within it the events and finally the event log module.

These events are stored within events table, which is this event. By using naming naming convention, the events are named in the following format, the table name dot specific event name, example user dot view or session dot established or something like that. Additional information ServiceNow system administrators are mostly focused on four fields. First is created the date and time when event was created and added as table record. Then name which is of course the name of the event generated and parent one and parent two you can see on the right in the image as well and these are the parameter values packed into the event. flow of events are notifications.

Although there are various ways in which events can be generated. The most common methods include business rules and workflow actions. All generated events are placed into a pool of events called event queue. There are multiple event queues maintained, but all events are accessible via event log. generating an event simply refers to its addition in the event queue and no further action beyond that. To take actions, it is needed to respond to the events.

These are classified as first script actions. These are the scripts running on the server to respond to the generated events. These script actions are backed up by the JavaScript API to perform any intended operations and second is email the applications. These are the messages sent to users online or via SMS or meeting invites. Notification. Notifications are the display messages triggered by events on ServiceNow platform to alert users of the event.

But unlike business rules, they don't require prior knowledge of scripting. These may also be created during insert or update record operations. ServiceNow provides notification capability in the form of email, SMS messages on mobile phones, and meeting invitations, which can be received by configured users and or voluntary notification recipients. Notification tasks. There are five separate notification tasks that need to be completed to configure notification capability successfully within a platform. These are described in here First email properties configuration.

In the email properties user needs to set the protocol for email server access. This includes the SMTP and pop three email server settings. ServiceNow provides a default ServiceNow mail server settings which need not be changed unless user intends to put specific mail server properties in here. Second, events and business rules creation. This is an optional step where a user can add custom events and use it within business rules to trigger notifications. This provides an extension to existing base ServiceNow capabilities.

However, the events must be used within business rules to make use of them. Next, notifications creation, users can create notifications based on the ones Provided by default, or new notifications altogether catering to their specific needs. Next, email address configuration and notification subscription. Service now provides an additional plugin which is optional, called subscription based notifications wherein a user can subscribe to the notifications he or she wishes to receive. system administrators can configure the target audience and implement delivery methodology for notifications. Last, create or update ServiceNow records through email.

ServiceNow platform provides the capability of inbound email actions, wherein assigned tasks such as creating new users allocating tasks to users updating or creating incidents or problems or change requests etc. Based on the valid conditions and filters get executed. It works Pretty much as a business rule with conditions as underlying spread. Once the notification is triggered a business rule logging the associated event also runs. To create an email notification, following steps need to be followed. First, go to System policy and within the email and finally the notifications module, then provide a name to the notification.

Then choose the table onto which action monitoring will be done. Whenever the specified action on this table gets executed notification will be displayed. The fourth step is to scroll down and under went to send tab. Choose the operation like inserted or updated could be anything to specify the notification triggering action with the next step, like who will receive provides the option to configure the user group who will be receiving the notification they Last, the what it will contain tab provides the contents to be incorporated within the notification message. Additional information, the active checkbox must be checked to ensure the notification is turned on in runtime environment. Who will receive this tab within the notification form supports dot walking.

Dot walking is the process of getting information from a series of field references from different tables using.as the separator These are two options within within this tab. The first is the users. In case notifications need to be sent out to several users for an incident update operation, such as user who opened the incident and user to whom incident is assigned to the type opened by and assigned to you if the user feel that needs to be Difference doesn't exist in the current table, let's say assigned to dot manager, then use the keyword current before the field name followed by a dot sign. This makes the value as current dot assigned to dot manager. Right, and the next is groups. Same as users.

In case the group field that needs to be referenced as an existing current table, we add the current keyword followed by a period. Before the field name example current dot assigned group dot manager. Notification content. The content of a notification message may include static as well as dynamic data. The syntax to add dynamic which is like at runtime data is as follows. We have $1 sign, and then in curly braces, we put in the field name in here, the field value of the record gets added to the notification content.

All other text which is not enclosed within the curly braces is simply displayed as S which means it is static content. Users may also include HTML tags to Format Data or add other elements to it. example if we put in these these brackets, we put the I, which means the data will be displayed in italics format style and the field for which the tax format formatting would be done would be the urgency field the data within the urgency field. Similarly, we may have like img src equals to HTTP, like HTTP and then your instance and slash image dot g if and this will add the image graphic to the notification content which is available within your ServiceNow instance. email templates. ServiceNow provides the capability to create an email template, which provides more standardization to the process and makes it reusable with multiple notifications.

They can contain generic message content and header information like subject that can be used multiple times by different notification configurations. A template can simply be added by looking up for it within the email template field. Note any values within the other fields of notification content will overwrite the template. email templates can be accessed in system policy application within the email title and under it the templates module and added into the wallet will contain tab within the notification form as we discussed before SMS alerts ServiceNow supports email notifications to be sent out to specified users via short messaging service, commonly known known as SMS. Usually in a production environment. SMS feature is used to notify users of highly critical operation updates, which require immediate user attention.

Since email may be too slow, a user may navigate to the HTTP then your instance URL slash CMS underscore notify underscore service underscore provider underscore list.do. To enable more service providers utilizing this capability, a user may also add his or her specific service provider in case it's not available within the default service providers. Sample use case 5.3 in this use case will perform the queue operations in a legible sequence. Firstly, we observe a business rule related to a high priority event. And then based on it will create notification. The notification will then be configured to be sent out via email as well as SMS.

So, the scenario is consider that the Z prod the product development manager has decided to monitor all priority one change requests by receiving an email each time a change request is generated or changed to priority one which is the critical operations. The first and foremost step for this is to find and observe the business rule that triggers the P one change requests. So, for this, we go to System definition within business rules in here You're going to search for change events business rule, right? All right, we see right here, so we're going to open it. Now, we're going to scroll down and in case needed and we are going to get to the Advanced tab, which is right here. And this advanced tab is gonna get us to the view to view the underlying scripts for the business role.

Now, we're going to locate the code that generates an event for payment tasks, which is going to be let's scroll down. And let's see this one, change our priority that one. This code confirms that the event name generated in case of insertion or modification of priority one tasks is change. Got priority dot mon. let's locate this event within the registry entry. So for this, we're going to go to System policy and within it the events, okay.

And registry let's actually look for registry directly some policy events and registry, right change dot Peridot policy evening, right so we're going to search for that particular event and let's hit render, and we have that event in here. So for any event to generate notifications or record in registry list is mandatory. And this record confirmed that a notification is generated for even task notifications. Right. Next we'll create a notification for z fraud manager right to accomplish This, we go to System notification. And within it we have email and notifications.

This was just to confirm right? system verification, email notifications, right, and we're gonna create the new notifications, we're going to hit me. On the display form, we're going to enter the following details. So for name, let's put it as p one change notification. Okay, for the table, we are going to add change underscore request. So that's gonna be right here.

Okay, and we're gonna scroll down to make sure the when to send tab is currently being displayed, and we're gonna click on the, like in here, we're gonna click the advanced view, which is under the Related Links, right? So click this one. And the form gets an advanced view, retaining all the previously entered information. Right. So now under the when to send tab, you're going to enter the following information, right send When, when, when the event is fired, right. And even name like that is displayed after the previous option is chosen, right, which is going to be changed top priority, if you remember, we just taught one right here, which was the correct name as well.

And we're going to hit save from the context menu to save this information right here. Okay, now we'll switch to who will receive that. And we're going to add the Z broad to the users. So for this, we're not we're gonna unlock the users And let's see fraud, right zebra, okay. And lastly, we're going to switch to what it will contain tab right in here, and we're going to add a subject to the form as change in priority one. So okay, now to the right of this tab, the panel select variables is used to enter the dynamic content to the notification message.

Right, you can see the Select variables in here. So you can expand it a little bit more. And we're gonna click on the variable to add it to the message content. So for this particular exercise, let's add a description, right description and number of variables. So in the message HTML box, which is this one, so let's look for this. So all we got to do is just click here and the description like a label and the field name has been added to the message HTML Fox.

Now we're also going to add the other variable which is going to be the number Rex add because we want to have the number also right which is right here. We click here and the same process. Right now we're going to hit update to save changes to the form. Perfect. Now to test whether the Configure notifications are received by the appropriate user, change a priority one change request by our Creator prior to one change request for this time This will be done by going to change. And in here, we're gonna go to create new, right?

And we're gonna get this form that you know which type of change request you want to create. So you can create anyone with a normal or emergency, you can create normal as well, that's totally fine. And we have the form in front of us, right? And in this one, we're going to set the priority to one critical, right, and let's put a short description as testing notification. And the description is going to be same thing, testing notification email to the T, four T one request. All right, now, all you got to do is click some additional information.

It takes approximately one minute for an email message to be reflected in ServiceNow system logs. So to check the email log, we're going to go to System logs, and then emails, system logs emails. And we're going to look for the most recent record. Right, and this is changing party one, which actually happened just now. So you can see that the event log of the email log actually exists. Right?

And to verify if the email exists in outbox folder, we can go to, you know, the system mailboxes. And then the outbox and you can look at the record with the product manager email as the recipient right the product pro rp.com. That was the email Milady for that particular product manager, now, open the record on value within creative label this one, and scroll down and click Preview HTML. So once you're here, you can click on the previous human body. And this will provide, you know, how the HTML format, like as how this is sent to the user, how does gonna look like? So just, you know, occasionally make every 41 requests, the number is there as well.

Right? So it looks pretty good. I mean, the person who's gonna get the email saying that you know, something with this description, and this particular change request number has been created for priority one. criticality, right. So note, the message content displays the value of variables as configured. You can see right these were the variables that we provided.

Now, to add SMS notification capability. Let's impersonate as another one. user, you're going to impersonate as ITIL user. So for this good impersonation, and search for ITIL ITIL user and hit OK. And this person is going to is, like, let's say intends to receive notifications on a mobile device for any incident assigned to him or her. Right. So after this, like once the impersonation is done, we're going to go to self service.

Under it, we have my profile, right? And we're going to click on notification preferences, which is available within the Related Links. All right. Now, from the top right corner, we have the option to create a new device. So we're going to create a new device and let's put the name as my mobile right and phone number. You have Putting your phone number something like that.

I mean, right. And then the service provider when we got service provider is, right. So for me, it's like T Mobile. So I'm gonna search for T Mobile right here. And all you got to do is hit summer. Now to activate the required notification, simply located and activate my mobile, but whichever you want to.

And this is going to be next to like all the notifications available. So in this case, the SMS notification needs to be activated for operation, which was incident assigned to me. So we're going to look for that incident, an incident assigned to me just enabled in my mobile device right now is just whether this notification setting works fine. You can go to incident and create a new incident. So for this create new and you know, just put in all the important details that you have to. So color could be anybody subcategory, again, be anything that's totally fine.

And for short description, let's for configuration item let's put something like SAP something SRV 01, like SAP application, and then for short description and putting up as testing, incident notification for SAP application server and that is pretty much it. hit Submit to create it and you have to make sure that you submit it. And once this is done, the new incident has been created. Now, assign the incident to it user and test the notification. So you can do that by going out by being the system administrator or if you can try in here itself. And all you got to do is hit update, right just to see if once an incident has been assigned, the SMS facility works fine or not.

Now, in order to receive SMS messages, the configured mobile service provider should be able to accept emails to an address like you know, phone number at domain name calm, right like example 0001234567 where the phone number At t mobile.com. So those are the settings that need to be configured and you will receive the SMS whenever in this case the incident is assigned to you