Last year we showed everyone how easy it is to build an application on the #ServiceNow platform using App Engine Studio (AES).
This year the focus will be on the capabilities of #ServiceNowCreatorStudio – this tool is designed with non-developers in mind, offering a guided, intuitive environment for building request-based applications. It breaks down the traditional barriers to app development, making it accessible for business process experts to bring their automation ideas to life. This tool is not intended to replace existing development tools like App Engine Studio, but to complement them by providing a new entry point for app creation.
Transform your ideas into real-world solutions with #BuildWithCreatorStudio. Whether you’re new to ServiceNow, a low-code developer, a business analyst, or a full-stack engineer, anyone is allowed to participate. Ready to get creative and have some fun together? 😁
Join me this year for this exciting challenge. Rise to the #BuildWithCreatorStudio Challenge and earn exclusive swag!
Governance, Risk, and Compliance, entities can be people, processes, departments, applications, or objects, whose exposure must be managed. These entities have controls that are defined to view the status.
To understand entities, consider the following example. Assume you are a new GRC user and you want to implement a change management process to all your critical financial systems. All the systems can be considered as individual entities. Map all the systems to an entity class called Financial. Have an entity type filter for critical financial systems to determine the systems that are identified as critical.
The primary benefit of creating entities is that you can maintain accountability because each entity has an owner. To understand this benefit, assume that you want to configure all the servers in a new way. After you finish the configuration, you perform an audit and then discover that only one server failed to comply with the new configuration. If you had not defined all the entities, then the entire audit result would have been deemed as failed. But because you have the entities defined, then only the non-compliant server entity and its identified owner are held accountable instead of all the servers.
Having defined entities ensures that the entity owners can be identified and that appropriate controls can be applied to those entities. It also helps in tracking the entities that are non-compliant. Any entity that has child entities can be said to have downstream entities. Any entity that has parent entities can be said to have upstream entities.
Take the following entity class model as example:
We have a Company that contains Departments that contains Business Services, Business Applications and Business Process. In GRC this are called “downstream entities”. This model is called “Dependency Model” and can be achieved by setting up the “Entity Class hierarchy”. You can visualise the model by accessing the “GRC Workbench”.
For this exercise, we will create 3 entities to match the above model and generate their respective risks.
Entity
Class
Wrangu
Company
Information Security
Department
Enterprise Risk Management
Business Process
List of entities
Risk
Entity
Statement
Disruption to the business due to critical infrastructure unavailability
Wrangu
Business Continuity and Disruption
Inability to retain key employees may result in the departments inability to achieve objectives.
Information Security
Loss of Key Personnel
Unauthorized actions have been detected
Enterprise Risk
Unauthorized actions
List of risks
Steps
Create a client callable script include called “GRCReporting” – make sure its you’ve checked the ‘Client callable’.
Copy the following code into it.
var GRCReporting = Class.create();
GRCReporting.prototype = Object.extendsObject(global.AbstractAjaxProcessor, {
getDownstreamProfileIDs: function(profileID) {
return new sn_grc.GRCProfileLists().getDownstreamProfileIDs(profileID);
},
type: 'GRCReporting'
});
Create your reports
Create a report against the Risk table (sn_risk_risk)
In the filter condition type the following “Entity > Sys Id” contains “javascript:new sn_grc.sn_grc.GRCReporting().getDownstreamProfileIDs(<Entity SysId>);”. In this example, I’ve used the entity Wrangu.
If you’re just starting your Next Experience journey, then you’ve come to the right place. This guide (Next Experience Quick Start Guide – ServiceNow Community) will help you understand what Next Experience is, how it works in tandem with our Workspace UI, and is a great place to return to as our products evolve over time.
Before you get started
Before you get started with Next Experience, check and consider the following documentation:
ServiceNow did an amazing job introducing workspace into our world, the links above are kind of live savers, they are so well documented full of best practises, recommendations and tips.
Current scenario
I am going to improve the “Response Tasks” on the Risk Portal. This our view from the backend (https://instance.service-now.com/nav_to.do?uri=sysapproval_approver.do?sys_id=0f676330db361d1021e7dd18f496195d). We have 2 OOB UI actions for record manipulation (“Update” and “Delete”) and 2 UI actions to update the state (“Approve” and “Reject”).
This is our current view on Risk Portal (https://instance.service-now.com/now/risk/portal/record/sn_risk_response_task/809623fcdbf21d1021e7dd18f496198a/sub/record/sysapproval_approver/0f676330db361d1021e7dd18f496195d). We still have the OOB UI actions, but we are missing the 2 UI actions to update the state.
Steps
Inspect the UI action “Approve” button to get the gsft_id.
Clone the UI action for “Approve” and “Reject”.
Create UX Form Action “Approve” and “Reject” and pointed to our custom UI actions. All these actions should be pointing to the sysapproval_approver table.
Create a UX Form Action Group (or UX Actions Layout Group) called “approval actions” where type = Split Button and actions are Approve and Reject.
In the UX Form Action Group record related items, create a new UX Form Actions Layout (sys_ux_form_action_layout_item) record. I named “Approval Actions” and this is responsible to display the button in the form.
Through the related lists of the UX Form Layout Item record, create a new Action Layout record. Focus on the “Action Layout Items”, that’s the most important thing here. This connection must exist.
The result will be:
Summary
The link How to use UI Actions in Workspaces – ServiceNow Community and Introduction to Declarative Actions – ServiceNow Community gave me enough to follow the breadcrumb trail and yes workspaces can be ready. We have few fields missing in the forms (we just need to update the view) and sometimes the UI actions do not behave the same but after few smoke tests the workspace can be ready. This is the perfect time to avoid lift and shift. This is a great o opportunity to re-imagine and improve the experience.
Bottom line is UI Actions are supported in both agent and configurable workspaces, but only in limited areas, such as the Action Bar component which is provided by default on the out-of-the-box record page. This means that UI Actions are only supported on forms in workspaces and not lists.
ServiceNow introduced a new concept called “Declarative actions”. What are they? Declarative actions are similar to platform UI Actions to add buttons on a form, etc. UI Actions are only exposed in the Action Bar component in Workspace, etc. experiences so the use cases are limited. Declarative Actions can be used in the Action Bar component on a record, related lists, lists, etc. without having to modify the page in UI Builder itself. By using Declarative Actions and not adding buttons to a page in UI Builder, you are making your upgrade experience better as Declarative Actions do not customize an OOTB UI Builder page. Instead, by creating Declarative Actions you are creating the necessary records needed in your own app scope.
A new version of the GRC plugins were published on the store, upgraded from version 14 to 15.
Plugin
Latest known version
Publish date
Compatibility
Release notes
GRC: Profile
15.0.3
Aug 04, 2022
RomeSan DiegoTokyo
NewAbility to have entity class rule based on a condition builderSync entity owner field to associated risks and controlsChangedsn_grc.reader role does not contain sn_grc.business_user role.sn_grc.user will contain sn_grc.business_user role.FixedIn child tables, the attachment option is accessible for non-confidential usersScript error coming from indicator_static_support_data_taskTypographical error in OOB GRC business rule script error messageGRC Developer role description must be updatedThe security-related properties under GRC Properties are not coming in orderThe user is also able to read the data of the parent user group when access groups are set as the child user groupACL added by the GRC: Profiles plugin is breaking the visibility of Information Objects in APMAll sys metadata tables required the update_sync attribute
GRC: Audit Management
15.0.2
Aug 04, 2022
RomeSan DiegoTokyo
NewCategorize Audit Engagements, Audit Tasks, Control Tests, etc. based on Functional Domains like IT Compliance and Risk, Privacy, etc.FixedWhen an Engagement is Closed Incomplete, related Control Tests are still Open.Audit Manager should not be allowed to Close an Engagement when related Tasks are Open.When we create a test template, unable to select the Control Objective field values which have lengthier display names.Security constraints on Client Callable script includes.When an Engagement is created from Entity form, newly created Engagement is not coming up in Downstream Engagements of Entity.
GRC: Advanced Risk Assessment
15.0.1
Aug 04, 2022
RomeSan DiegoTokyo
NewAssessors can evaluate controls by design and operational effectivenessFixedTranslation-related bug fixes
GRC: Common Workspace Elements
15.0.5
Aug 04, 2022
RomeSan DiegoTokyo
NewCategorize GRC Objects based on Functional Domains like IT Risk and Compliance, Privacy, etc.FixedTasks page — Tool tip of dropdown in “My group tasks” tab showing null Breadcrumbs aren’t showing the exact navigation in employee center when navigating to record from list view
GRC: Policy and Compliance Management
15.0.1
Aug 04, 2022
RomeSan DiegoTokyo
NewPerform Advanced Risk Assessments on Policy Exceptions.Categorize Compliance Objects like Policies, Authority Documents, Control Objectives, Citations, Controls, etc. based on Functional Domain like IT Compliance and Risk, Privacy, etc.The compliance Manager/Compliance Analyst should be able to reuse existing Evidences collected on other GRC objects.ChangedRole hierarchy changes: GRC Reader role will not be part of the Business User role. Changed all the ACLs, Modules, etc. accordingly.Added Expired substate for Closed Policy Exceptions to indicate Policy Exception is Approved and Valid to date has crossed.Reason code can be modified after Policy Exception is Approved.Policy Exceptions submitted from Service Portal or Employee Service Center should go through Verification Approvals when Verification Rule is configured.The Requester should be able to extend Policy Exception more than once based on a configuration property.FixedLocalization issues.Incorrect due date on Policy Acknowledgements.Manually Retired controls are moved to Draft state when the Policy is published.States in which Controls are considered to be Active.On Impacted Controls for Policy Exceptions: Add/Add all buttons are not coming up.On Controls, Open Issues are not updated when a new issue is created.Policy Exception is created even though Valid from and Valid to dates are the same.GRC Business user is able to move the policy exception to Analyze state even though verification approvals are configured.Description of auto-created Policy exception created from PACE exception is truncated.The Retire button should not be present on the KB article related to Policy.
I found an issue with you might not be aware but since most of the implementations are multi-language (i18n) I would like to highlight this topic to save time for the next one.
The ServiceNow platform supports multiple languages, using UTF-8 for international characters. Language support is available when at least one language plugin has been activated, as described in Activate a language.
According to ServiceNow,
“When a user logs in, the language for the instance session is determined by the following logic:
If the language selection at login is enabled, that language is used.
If not, the language preference selected using the language picker in the header bar is used.
If not, the language setting in the User [sys_user] table is used.
If none of the above are true, the system default language is used.
Some areas of the system are not translated, including journal fields, report titles, and any field that stores free-form text. These fields remain in the language used to create them. When creating a custom field, you must add the labels in the Field Label table because they are not added automatically.”
But.. the translation is not as black and white as it is being presented.
I found that the Risk Criteria field (out of the box its a translated field) lost his sorting capability on a list view or on a list report when we have more than one language set on the system. By checking the dictionary entry, I was able to check only the English label has been created for the field and said so, you are only able to sort the column if your user language is in English.
As you can notice, the order of the records is not affected when I try to sort the column by ASC or DESC:
To solve the issue,
Go to System Localization > Translated Name/Fields.
Create an entry for each Risk Criteria (sn_risk_criteria) available according to your language.
Voila, problem solved – try to use the sorting again, now you should be able to sort your columns.
I was trying to search for comments or posts around this plugin upgrade version (11.0.3) but it seems it did slipper somehow.
ServiceNow introduced the new role “GRC Business User” in the latest release (11.0.3) and added to all users in the system. Yes, there is no way to stop that to happen (I raised a hi ticket) but there is a KB article that explains the reason behind this change and helps you to rollback this change in case: https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0864247
GRC Business Users
The Governance, Risk, and Compliance (GRC) product line requires action from many users who do not have a traditional product role, such as Compliance Reader or Risk Reader. Even the reader roles allow access to the product module, dashboard, reports, and read-only table access.
To improve the internal security of the product, we created a dedicated GRC Business User role. This role should be assigned to users who require access only to GRC applications in the context of performing tasks assigned to them; for example, a business user who needs to respond to an attestation or risk assessment. Users with the GRC Business User role are provided limited access to data and to information relevant to the tasks assigned to them.
The number of users assigned to the GRC Business User role does not impact product licensing. Product licensing is based on the number of users that perform GRC operations as opposed to the number of users with a role that allows access to GRC operations.
Important note: To keep the product behavior consistent on upgrade, we initially assign the GRC Business User role to all users in the sys_user table by adding them to the GRC Business Users group. We do this to match the previous product behavior that tasks such as attestations can be assigned to any internal employee. You can remove users from the GRC Business User role to restrict access for specific users.
I have improved ootb script to be more defensive and used an on demand schedule job to avoid to get the process hang during execution. That way the process would not be associated to an UI session and would run in the background without interruptions.
Please use below script to delete all users from GRC Business Users group :
Steps:
1. Create a fix script called “Remove GRC Business User to all users” Application: GRC: Profile Script:
var rec = new GlideRecord('sysauto_script');
rec.get('name', 'remove_users_to_grc_business_group');
gs.executeNow(rec);
2. Create a Scheduled Execution Job (sysauto_script) called “remove_users_to_grc_business_group“
Application: GRC: Profile
Run as: Administrator
Run: On Demand
Script:
var grGroup = new GlideRecord('sys_user_group');
if (grGroup.get('053cd11a5bda50106d8012300a81c721')) // ensure the group exists and we do not skip the addQuery condition
{
var grMember = new GlideRecord('sys_user_grmember');
grMember.addQuery('group', '053cd11a5bda50106d8012300a81c721');
grMember.query();
gs.info("KB0864247 - There are " + grMember.getRowCount() + " members of the GRC Business Users group");
while(grMember.next())
{
gs.info("KB0864247 - We are deleting user: " + grMember.user.getDisplayValue() + " - from the group: " + grMember.group.getDisplayValue());
grMember.deleteRecord();
}
}
3. Execute the fix script.
If you have any questions, please let me know! Happy GRCommanding
I had few incidents in the past when entities get inactivated by mistake so I decided to leverage our entity management and improve UX to allow them (managers) to receive a popup message before they proceed with inactivation of an entity
Steps:
Mark “Active” as read-only at dictionary level.
Change your scope to “GRC: Profile”.
Go to Profile [sn_grc_profile] and create a UI action called “Mark as inactive” with the following conditions:
Name: Mark as inactive Action name: entity_retire Form button: true Show insert: true Show update: true Form style: destructive List style: destructive Client: true
Onclick: confirmAndRetireEntity() Condition: gs.getUser().hasRole(‘sn_grc.manager’) && current.active == true Script: function confirmAndRetireEntity() { var gwt = new GwtMessage(); var title = gwt.getMessage('When a entity is retired, all related risks and controls are retired. Are you sure you want to continue?'); var modal = new GlideModal("sn_grc_retire_popup", false, 600, 450); modal.setTitle(gwt.getMessage('Confirmation')); modal.setPreference('sysparm_title', title); modal.setPreference('sysparm_sysid', g_form.getUniqueValue()); modal.setBackdropStatic(true); modal.setPreference('focusTrap', true); modal.setPreference('action_name', 'entity_retire'); modal.render(); return false; } if (typeof window == 'undefined') updateStatus(); function updateStatus() { current.setValue('active', 'false'); current.update(); action.setRedirectURL(current); }
Result:
Note:
1. This pop up can be widely used (its generic) but it was originally created for Policies.
2. You need to create another button called “Mark as active” to perform the opposite behavior of this UI action. I gave “entity_enroll” as action name, change condition to run only on inactive records, change function name “confirmAndEnrollEntity()”, change line to “current.setValue(‘active’,’true’)” and thats it.
The article below is intended for any person customize their Notifications. A working Javascript and HTML is useful but not required.
Introduction
We often focus on getting job done and ready to be delivered. Of course this is important but sometimes we need more than just doing it. In the following article, we will look how to automate and centralize data in one place in order to become scalable and easier to find and edit.
Here’s a few things we will cover:
Use Case
Example
Automate properties (sys_properties)System properties store configuration information that rarely or never changes. Each time you change or add a system property, the system flushes the cache to keep all nodes in the cluster in synch. This cache flush has a very high performance cost for one to 10 minutes, which can potentially cause an outage if done excessively. To prevent such outages, do not use a system property to store configuration information that changes more than once or twice a month.
I usually update the “From” field.
Use email templates (sysevent_email_template)Enable administrators to create reusable content for the subject line and message body of email notifications.
Usually I define a mail_script (to use a standard style for all notifications), define subject and message.
Use Case Walkthrough
Use Case #1: Automate properties
In the Navigation filter, enter sys_properties.list.The entire list of properties in the System Properties [sys_properties] table appears.
Verify that the property does not exist by searching for the property name.
Click New. Usually I use “company.default.notification.from”.
Complete the System Property form. Type: String Value: Community Article <email@service-now.com>
Navigate to System Definition > Business Rules.
Click New.
Fill in the fields, as appropriate. Tab When to run When: Before On Insert (check) On Update (check) Tab Advanced current.from = gs.getProperty(“company.default.notification.from”); gs.addInfoMessage(‘Loaded company.default.notification.from value’);
Use Case #2: Create a Template and assign to the Notification
Navigate to System Policy > Email > Templates.
Click New.
Fill in the form fields (see table).
In the “Message HTML”, usually I call a default stylesheet just in case of I need to change any HTML tag (font, size, etc).
Navigate to System Notification > Email > Notifications Email Scripts.
Click New: “Notification_email.styles”
On the your email script: var stylesheet = new GlideRecord (‘sp_css’); stylesheet.get(‘name’,’company_email_notifications.css’); //Stylesheet for email styling template.print(‘<div><style>’ + stylesheet.css + ‘</style></div>’);
3. Navigate to System Notification > Email > Notifications. 4. Open the email notification record that should use the template. 5. Navigate to the What it will contain section. 6. From the Email template field, select the appropriate template. 7. Click Update.
Conclusion
System properties are not limited to just Notifications, they’re part of the NOW Platform and can include anything we have in the Platform. Try to automate your instance and try to centralize all your “customer” data in one place.
Use all the tools at your disposal to make that happen.
The article below is intended for any person who is getting started with CSM or wants to do user management.
A working Javascript and HTML is useful but not required.
Leave a comment whenever you feel is missing any relevant information in this article.
Introduction
Since I started to use Customer Service module this always has been a struggle, quite hard to find a proper answer nowadays about best practises and how user management should be set up. Said that, my goal on this article is to provide you full picture how CSM was originally designed and how to get the most of it. I will update this article as often as I can with all information I collected so far.
According to ServiceNow documentation, Customer Service Management application enables you to route cases to available customer service agents with the necessary skill sets. Agents can make use of response templates and search tools to search the knowledge base and community and provide timely, informative responses to customers.
Customer information includes the account and contact information for a customer or partner.
An account is a supported external customer and the Account form stores the customer’s information, including the company name, contact names, addresses, phone numbers, and web and email addresses. An account can be a customer account, a partner account, or both.
A contact is a user who is an employee of an account. A contact record stores information about a contact, such as the name, phone number, email and web address. An account can have multiple contacts but a contact can be associated with only one account. A contact can have one or more associated assets and service contracts. A contact can also have a user ID and can log in to the customer portal.
An account can have one or more associated assets, service contracts, entitlements, and SLAs. An account can also be associated with the following entities:
case
contact
service contract
entitlement
asset
A partner is a supported external customer that, in turn, sells to and supports one or more customers. A partner account record stores information about a partner’s company, similar to a customer account. On a partner account record, the Partner field is enabled. A partner can report and manage cases on behalf of customers. A partner can also be a customer.
Ok, that’s what is described on the official documentation but what’s really happening in the background?
Understanding user classes
When you mark a table as extendable, you are also adding a second system field: Class [sys_class_name] — System Class Name. It contains the name of the table that the record represents. The sys_id field uniquely identifies a record. In the case of an extended table, the sys_id field is actually stored in two places: on both the parent and child tables. The platform joins both together whenever you query the child table and the field sys_class_name is added on the parent table.
In other words, sys_class_name is to extend sys_user table to “User”, “Contact” or “Consumer”. When a User record is saved with class User , we get the details from SYS_USER table. When a User record is saved with class ‘Contact’, we get details from extended SYS_USER and CUSTOMER_CONTACT table. The customer_contact table have some related lists such “Tickets”, Locations”, Social Profiles”.
Since my client is a B2B, for the moment I will not cover the consumer scenario on this article.
As far I am aware, all admin should have a “User” class assigned and all customers and agents should have “Contact” assigned.
The Customer Service Management application provides the ability to establish different types of relationships between partners, customers, and contacts. These relationships make account and asset management easy and flexible. The following types of customer service relationships are available. (link here). This will help to create a relationship such “regions” to your parent accounts providing a kind of hierachy parent-child to a specific account.
Permissions
Security is the mother of all mothers and nowadays that’s a buzz word. An administrator usually does this kind of questions:
If I want to someone to use my application, what roles they need?
If I want to someone support the cases, what roles they really need?
Customer Service Management includes both internal and external user roles. Internal user roles are for agents and agent managers using the Customer Service Management application. External user roles are for customers and partners using the customer portal.
Here’s roles you need to set up to your Agents or Customers:
Use Case
Roles
AgentAn agent is an employee of the company.Class: User
snc_internalsn_customer_service_agentsn_esm_agent
CustomerA customer is a user who is an employee of an account.Class: Contact
Note: Thank you @Kavita for helping me sorting this out. I was banging my head against the table over the reason of existence of this class. The official documentation provided lists all the roles available OOTB and how they should be used. Only customers should be contacts.
The following table provides all roles available OOTB and how they are set up.
Remember that all examples I provide is for a B2B scenario and for that reason the consumer roles is not included or mentioned. Therefore they’ve a very similar behaviour to the customers.
The Customer Service Management application provides the ability to establish different types of relationships between partners, customers, and contacts. These relationships make account and asset management easy and flexible. The following types of customer service relationships are available. (link here). This will help to create a relationship such “regions” to your parent accounts providing a kind of hierachy parent-child to a specific account.
Conclusions
There’s a gap in the documentation explaning how this module should properly work. I will try to cover the maxium I can in order to be easier in the future to set up a Customer Service Mgt scenario.
tests whether the table data.table has attribute with the name glide.security.ui.filter. No standart tables has the attribute. So you can just remove the part of code. If you do want to use the code, that you have to rewrite the fragment to get the same information about attributes of the table in alternative way.
I posted in my answer on the question the code of small function isTableAttributeEqualValue. The code shows how one can get attributes of table. You need just modify the last line of the code to use only return gr.next(). The resulting function will looks as following
function isTableHasAttribute (tableName, attributeName) {
var gr = new GlideRecord("sys_schema_attribute_m2m");
gr.addQuery("schema.name", tableName); // "Dictionary Entry"."Table"
gr.addQuery("attribute.name", attributeName); // "Attribute"."Name"
gr.query();
return gr.next();
}
Then you can use isTableHasAttribute(data.table, “glide.security.ui.filter”) instead of GlideTableDescriptor.get(data.table).getED().hasAttribute(“glide.security.ui.filter”).
"Being a Jedi is not just about power, or lightsabers, or even skill with the Force. It is about connection. Being part of something bigger. I am stronger as part of the Jedi Order than I could ever be alone."
