Thank you for your feedback.
Form temporarily unavailable. Please try again or contact docfeedback@servicenow.com to submit your comments.

Define cross-scope access to an application resource

Log in to subscribe to topics and get notified when content changes.

Define cross-scope access to an application resource

Admin users can track cross-scope requests for access to an application resource, and approve or deny requests.

Before you begin

If you enable application administration for the target application, only application administrators of the target application can set access to an application. If application administration is not enabled, an admin user can set access to an application.
Role required: admin or application admin
Note: To learn about application-specific administrator roles and delegated development, see Access control rules in application administration apps and Delegated development and deployment.

Procedure

  1. To define access to an application resource, navigate to the application resource record. Available application resources include:
    • Table
    • Script Include
  2. Set the Accessible from field to All application scopes.
    If set to This application scope only, no other application scopes can access the resource.
  3. Select the appropriate access level in the Caller Access field.
    OptionDescription
    None Cross-scope calls to the resource are approved or denied based on the value of the Accessible from field.
    Caller Restriction Calls to the resource must be manually approved. Access requests are tracked in the Restricted Caller Access table with a status of Requested.
    Caller Tracking Calls to the resource are automatically approved. Calls are tracked in the Restricted Caller Access table with a status of Allowed.
  4. Allow or deny an access request from a calling application.
    If a cross-scope application attempts to access a resource set to Caller Restriction, a record is created in the Restricted Caller Access table with a Requested status. An admin user or application administrator must allow or deny the request.

    If a calling resource changes, the restricted caller access record status changes to Invalidated. An admin user or application administrator must update the status to Allowed or Denied.

    1. In the application record, navigate to the Restricted Caller Access Privileges tab.
    2. In the Status column, set the value from Requested to Allowed or Denied.
    Once a calling script is allowed, all subsequent calls are allowed.
Feedback