Thank you for your feedback.
Form temporarily unavailable. Please try again or contact to submit your comments.

HR security

Log in to subscribe to topics and get notified when content changes.

HR security

HR Service Delivery provides Restricted Caller Access, Encryption Support, and Edge Encryption security features.

Restricted caller access for HR

Restricted caller access (RCA) defines cross-scope access to HR Service Delivery applications.

RCA is available to help secure sensitive information in HR scoped tables and script include APIs. Without RCA, tables that are not private to a scope are susceptible to queries by any server-side script.

The Scoped Application Restricted Caller Access [com.glide.scope.access.restricted_caller] plugin is activated during the HR application installation or upgrade.
Caller tracking
This setting is recommended for the development stage. Access is allowed to tables and script includes, but tracked in the Restricted Caller Access table. Access information can be viewed from Application Restricted Caller Access.
Caller restriction
This setting is recommended for the production phase after development is complete.

To define cross-scope access to an application resource, refer to Define cross-scope access to an application resource.

Encryption Support for HR and Employee Document Management

HR Service Delivery and Employee Document Management provides encryption support to secure sensitive information.

To encrypt employee documents or fields in HR, activate the Encryption Support [com.glide.encryption] plugin. Encryption prevents unauthorized users from downloading and viewing employee documents or viewing specific fields.

After the plugin has been activated:
  • Reveal the Encryption Context field to the sn_hr_ef.encryption_context role.
    Note: The base system does not reveal the Encryption Context field on the Role form. This field defines the encryption key used to encrypt fields and documents. Also, ensure the Application field has Employee Document Management selected. See Roles.
  • From the Encryption Context field, select an existing or add an encryption context. See Set up encryption contexts.
  • Add the sn_hr_ef.encryption_context role to the user adding employee documents. Users with this role can access encrypted documents.
  • Employees can view their own documents when HR Service Delivery is licensed, activated, and the document type allows employee access. The sn_hr_ef.encryption_context role is not required for employees to view their own documents that are encrypted. See Define policies for a document type.
Note: Documents created prior to plugin activation are not encrypted.

See Encryption Support.

Edge Encryption for HR and Employee Document Management

HR Service Delivery and Employee Document Management provides edge encryption to secure sensitive information.

Edge encryption provides you with direct control over your data security. Encryption and key management are performed on your intranet between your browser and your ServiceNow instance.

See Understanding Edge Encryption.

Because edge encryption is enabled on a proxy server on your side of the network, there is significant planning, network administration and management, and setup required.

See Planning for Edge Encryption.

To install edge encryption, see Edge Encryption installation.

To configure edge encryption, see Edge Encryption configuration.

Edge encryption for HR

You can encrypt columns (fields) or attachments associated with an HR table. See Encrypt fields using encryption configurations.
Note: There are limitations when using edge encryption. See Edge Encryption limitations.