Data security filters

The infernal error

Servicenow has it’s baggage of issue over the years, but none so infuriating and long standing as this one.

Number of rows removed from this list by Security constraints.

If you ever searched this error you would find very few solution(s). Even ServiceNow would simply suggest that you apply a Before Query businesss rule on the table to modify the query sent to DB layer. The Query Business Rule ( QBR ) is functional but it slows down the querying.

The good news is that, starting Yokohama release ServiceNow has introduced a new feature “Security Data Filters”.

Key Aspects of Security Data Filters:

• Applied at the Database Query Level: Unlike ACLs, which filter data after retrieval, SDFs prevent restricted records from being queried in the first place.
• Contextual Filtering: Filters can be defined based on roles, groups, or dynamic conditions.
• Performance Benefits: Because they operate at the query level, SDFs can be more efficient than ACLs in large datasets.
• Independent of Standard ACLs: Even if an ACL grants access, an SDF could still block a user from seeing certain records.

Let’s create a Security Data filter to understand how it works

Problem statement

• We have a table x_646800_case_case
• We have an Read ACL with condition that it can be read by user(s) who case is assigned to assigned_to=DynamicMe
• When a user were to access the list of cases, they would see the error shown at top of this blog entry.

Solution

• Create a new Data Security Fitler ( you need to have elevated privileges for this)

• Fill out the form as shown below

Table Name - Preselected
Mode - Filter if security attribute condition met
Filter - Assigned to = is (dynamic) Me

• Save and Reload the list the case list

• End result is that user would only see the records where they are assinged-to

That’s all folks