CONTENTS

1)Views…………………………………………………………………2
2)Performance of ServiceNow instances……………………….7
3)Difference b/w Watchlist & worknotes list………………….11
4)Get logged in user count into servicenow instance……...12
5)Collection field…………………………………………………….14
6)Related List…………………………………………………………15
7)Locked out Users………………………………………………….18
8)Filter out&& is not…………………………………………………20
9)hasrole&hasroles&hasroleexactly……………………………..21
10)user administration questions…………………………………22
11)table administration questions………………………………..29
12)tables………………….…………………………………………….40
13)Update sets………………………………………………………..45
15)ACL………………………………………………………………..…47
16)Servicenow Adminstration……………………………………..60
17)Servicenow Development……………………………………….63

Page 1 of 69
1)How To Create a New List View & Form View in
ServiceNow?

What are views?

Views are ways to display fields according to user roles and needs. Both
forms and lists have view options. As an admin, you can create, modify,
delete, and add conditional applications of views in forms and lists. It is one
of the most asked questions and has been viewed 27600 times.

Every table has box views, such as default and advanced views. In this
article, I will demonstrate views based on the incident table. In both, click on
the Ham icon (three lines) and go to the Views context menu, as shown in the
images below.

 Users with the admin or view_changer roles can change views.

 Based on roles, admin & users can switch between views by clicking the
list context menu at the top left corner of the list and then selecting Views
> [Desired View].

Default List View

Default Form View

Remember – Switching views submits the form, which saves all changes and triggers
any onSubmit client scripts that apply.

Page 2 of 69
How do I create or modify a form view?

Please follow the below steps carefully

 Navigate to the table you want to create or delete the view

 Open a record, then right-click the header and select Configure > Form
Layout

 To modify/ update the view first select the view and then the section and
then finally move the fields in the slush bucket

 To create a new view, go to the View name choice list, and select New.

 As soon as you click on New, it asks for the name of the view. give the
name you want such as “Demo view”. Click Ok.

Page 3 of 69
 After clicking OK, a default section with the same name as the table is
created, you can add/ remove fields from it.

 Add a new section by clicking on “New” in the section choices and then it
prompts for the section name. Provide a name and add/ remove the fields
as per your need.

 Like this, you can add any number of sections and finally click on Save. It
will redirect you to the form and you can check your view with updated
details.
How do I create or modify a list view?

Page 4 of 69
It is almost the same procedure as for form view. Just open the table in list
view, right-click on the list header and go to Configure-> List layout.

 Rest all the steps are same as for form view create/ update.
What are the view rules in ServiceNow?

So now you know how to create/ modify/ delete a view in servicenow.

Generally, all the views are available for ITIL/ admin users. However, in
case you want to restrict a set of users to a particular view, in that case, view
rules come into the picture.

Following are the pointers about view rules that you have to consider before
making a view rule-

 View rules do not apply to users who have no role.

 View rules do not always apply if there are existing user preference entries
on the instance.
 Delete the user preference entry and clear the system cache to make sure
the respective view rule applies
Steps to create a view rule in servicenow

 Navigate to All > System UI > View Rules

 Click New
 Complete the form, using the fields in the table.
 Click Submit.
Adding sysID column in List View

 Open your instance

Page 5 of 69
 Go to System UI -> Lists
 Find the Table, View & User (if any), where you want to display sysID
 Open that record
 Scroll down, in the List Elements-> Click New Button
 In Element field, enter “sys_id” (database name of sysID)
 Add Position in the Position field (where you want to display sysID)
 Submit or save the record
 Now Clear the cache (cache.do)
 Open the List and you can see sysID in the list.

Adding sysID column in the Form View

Adding in the form needs a few more steps, let’s discuss.

 Open your instance

 Go to System UI -> Forms
 Find the Table, View & User (if any), where you want to display sysID
 Open that record
 Open the section where you want to add the sysID field (Sys UI
Section)
 Scroll down, in the List Elements-> Click New Button
 In Element field, enter “sys_id” (database name of sysID)
 Add Position in the Position field (where you want to display sysID)
 Submit or save the record
 Now Clear the cache (cache.do)
 Open that form view and you see the sysID.

Page 6 of 69
2)How To Boost Performance Of ServiceNow
Instances?

How does ServiceNow instance performance degrade?

There are various ways to degrade your instance’s performance. I’m listing a
few of them below.

 Infrastructural issues: We use instance as SAAS, so if anything is wrong

at the service now side, such as an outage, internet issue, etc., it will
impact us and may result in performance issues.
 Local Issues: You may find your instance slow because of local issues
such as internet downtime, cache issues, cookie issues, etc.
 Usage Issues: During peak times when the number of logged-in users is
higher than expected, it may increase the query execution t ime.
 Scheduled Activity: The System may get slow due to any planned activity
such as an upgrade, patching, import, deployment, etc.
 Settings: There are certain basic settings that help improve the
performance of your instance.
 Configurations: User defined configurations such as scripts, properties,
POCs, etc. may cause performance issues.
 User preferences: Certain user preferences may cause delayed services
than expected.
If you have any others, please enlighten others in the comment section.

What are the repercussions of performance degradations?

A performance issue may cause some serious damage to the organization

both internally & externally. Lets discuss few of such impacts:-

 Loss Of Revenue – Any performance issue ultimately lead to loss of

revenue because services are not available at that time.
 Loss Of Customer – Such issues raises customer unrest and may lead
customer to stop/ reduce number of transactions
 Loss Of Business – It register loss for both customer and service provider
as well.
 Customer Dissatisfaction – It accounts in huge dissatisfaction among
customers which may stop using services or find any other alternatives.
 SLA Breaches – In case of services, teams are unable to perform as per
there schedule and finally lead to breech in contracts.
 Service unavailability – Most of the critical service are either not
accessible or least available during performance issues

Page 7 of 69
 Bad publicity – Frequent service interruptions because of performance
issues may cause bad publicity w.r.t to the product/ service/ company.
If you have any other please enlighten others in comment section.

Practices to improve instance performance?

User preferences play a significant role to maintain the timely and on time
availability of services. Lets discuss few of them.

Row Count

 setting a rowcount impact a lot because it has to run a query every time
we open list view.
 It is applicable to other areas such as homepages, all list, reports, related
lists etc.
 Setting rowcount 50, 100 may triggered a long running query and result
in performance degradation.
 Imaging 100 people asking for list for same table 50 times a day with
rowcount as 100 (Eg. Incident table in case of customer support groups)
 Hence a low rowcount would be the best. 20 is default by servicenow but
you can change it accordingly to 10 or max 50.
 Try avoid 100

 You can modify these choices as well by updating the list in properties.
 Go to property – glide. ui.per_page and make changes as per our
convenience.
Homepages To Dashboard

 A homepage is a collection of multiple widgets that display results from

multiple tables.
 Any homepage first load all the data from all the widgets and then display
in to the client.
 Suppose you have a homepage with 10 widgets fetching data from incident
& cmdb tables. So in this case when data from all 10 widgets is fetched
then only system render the result and display it to the client.
Page 8 of 69
 As cmdb is huge table, it is possible to encounter long running queries.
and it happen every time you go to the homepage.
 The best option to avoid this to turn homepage into dashboard.
Features of Dashboard

 It executes only the visible portion of dashboard.

 So if user scroll and a widget is visible than only the query get executed
and data is available.
 Dashboards are more manageable i.e. use tab option to manage it more
comprehensively.
 Query from active tab will be executed and save lots of resources.
 It provides significant boost to the performance as compared to
homepages.

Load Related List When Needed

 When any form load the related list loads utomatically.

 Unless all the related lists are loaded the form is not accessible and it
results in performance degradation.
 Because these related list can be from huge tables such as cmdb, logs etc.
 In majority of cases user does not bother about the related list but only
want to make changes in the form.
 Like rowcount this may cause slow running queries and utilize resources
unnecessarily.
 We have the option to load related list after the form loads.
 Go to property glide.ui.defer_related_lists. Opting this will loads the
related lists after the form has loaded.
 This can greatly increases the response time of forms.
 User will see the form data almost immediately.
 You can set properties at the global level, which are then overridden by the
user preference (if a user has explicitly chosen a different setting).

Page 9 of 69
 Set the display setting under user preferences and modify the values.
Three values are available –
o Load Related list with form
o Load Related list on demand
o Load Related list after the form loads

3)Difference between Watch List and Work Notes

List ServiceNow?

Both the Watch List and Work Notes List have been extensively used in the
ITSM process.

Page 10 of 69
Watch List Work Notes List

Users added to the Work Notes List will receive email updates when the ticket’s Work Notes field is The Work Notes List feature is available on Incidents.
updated and when the state changes (e.g., upon closure).

It is used for Collaborating with other fulfillers & Collaborating with users outside of ServiceNow. It is used for Collaborating with other fulfillers & Collaborating with
users outside of ServiceNow.

It used for Collaborating with other fulfillers & Collaborating with users outside of ServiceNow It is used for Collaborating with other fulfillers & Collaborating with
users outside of ServiceNow.

4)Get Logged-In User Count Into ServiceNow

Instance?

It is quite common in servicenow to get the list of logged in users into

servicenow instance. I got the same requirement for the purpose of a
requirement where we have to barred users into instance for some time till
the deployment is complete.

So, there are multiple ways to get this information.

Page 11 of 69
First Solution

First one is User Sessions [v_user_session] table

 The “v_user_session” table dynamically gets populated with the user’s

sessions.
 ServiceNow stores all of its configurations in the database, but logged -in
sessions is actually part of the application layer and not the storage layer.
 As such, it’s reading the logged-in sessions from the Java application. As
the applications run on each individual mode and the nodes themselves do
not communicate with one another, all the logged-in users in the table
show that you are the logged-in user on the application node that you’re
on.
Second Solution

 Go to sys_user_session table-
o We can get the ‘current‘ logged-in users from the entire instance, by
filtering on “Name is not Empty” AND “Invalidated is Empty“.
o The sys_user_session.invalidated column will be empty, as long as the
related user session is active.
o When the session becomes inactive (either by logging out, or session
being destroyed by the platform – based on the value of
‘glide.ui.session_timeout’ system
property), sys_user_session.invalidated will be populated with the
session end timestamp.
 Normally “Logged in users” module under “User Administration” will
give you the correct number of users logged in. But when Multi
SSO/Single Sign-on is enabled, this module doesn’t show the correct
information.
You can find the users logged in by following the steps below:

1. Go to xmlstats.do with include=sessions

o Example: http://appxxxxx.service-
now.com:xxxxx/xmlstats.do?include=sessions
2. In the <sessions> tag
o logged_in parameter shows how many users are currently logged in to
this node.

Page 12 of 69
5)Have You Used ServiceNow Collection Field?
What is a collection type?

 It is one of the ServiceNow field types available.

 But you can’t create any custom fields using this type.
 When anyone creates a new table, the system automatically creates a
collection field with no label and no name.
 As per documentation, any collection field represents a table rather than a
field on the table.
 It means if we make any changes in the attributes, configurations of the
field, the changes will be seen on the whole table.
 It should be noted that for one table, there will be only one collection
field.

Page 13 of 69
How do I create a Collection Type Field?

 It is not allowed to create custom fields of this type.

 It will be created automatically whenever a table is created
 Only one field per table is allowed.
Changing Attributes for the Collection Field?

We tried changing the read-only attribute for the corresponding incident

collection table field.

And yes, all incident tables are read-only.

6)All About ServiceNow Related Lists

What are related lists?

Related lists are a way to show relationships between one table and another.
For example, a user record can have relationships with attachments,
incidents, problems, CI, or many other types of tables.

Page 14 of 69
So, all these associated records are listed in a related list and can be
displayed at the bottom of the form.

Types of related lists

 One-to-many related lists

 many-to-many type related list
 defined type-related lists.
One-To-Many Related List

 It is the simplest and most common type of related list.

 This means you can have many of one kind of record all related to a single
record in another table.
 For example, think of a mango tree where one tree has many mangos
connected to it.
 If we look at it in the database, there would be two tables: one is Tree and
the other is Mangos, and one tree can have many mangos, but each mango
can have one tree.

 To accomplish this, the system uses a reference field type from a form to
build this relationship.
 It means there is a field on the Mango table with a reference to the tree
table, and based on that field pointing from one table to another, we can
imply a one-to-many relationship.
System example of one-to-many

 A simple example is from the incident table, where we can see a one-to-
many relationship between the incident table and the task table, and the
reference field here is the parent field.

Page 15 of 69
Many-To-Many Related List

 A many-To-Many related list allows each record from one object to be

linked to multiple records from another object, and vice versa.
 In the same example of a mango tree, let’s say there are multiple mango
trees with lots of mangos on it.
 There are many workers who are picking mangoes from more than one
tree.
 Hence, it is a many-to-many relationship because many workers are
picking many trees.

System example of Many-To-Many

 These types of related lists are not created automatically

 They need to be created and configured
 There are two types of many-to-many in the system
o sys_m2m, which users can configure
o sys_collection, which is out of the box, and it is not recommended to
make any changes here by users.
 To see your system’s many-to-many related lists, go to sys_m2m.list,” i.e.,
the Many to Many Definitions table.

Page 16 of 69
 The most common example is the user and role table.
 Here, one user can pick many roles, and one role can be assigned to many
users.
 Finally, we can see this under the sys_user_has_role table.
Defined Related List

 These related lists have shown based on the conditions

 For example, attachment related lists
 You can see a list of all attachments of a particular record in the
attachment table.
 You can see these configured related lists under System Definition-
>Relationships.

Page 17 of 69
7)How To Lockout Users In ServiceNow?

Why do we lock out users?

There are many reasons to lock out users from a ServiceNow instance. Lets
enumerate it below:

 To do some custom activity

 To block users from logging in for some time
 During configuring, upgrading, patch installation, etc
 For security reasons

Ways to lock out users?

There are many ways, and in this article we discuss two of them.

Using user records

 To lock out a user from user record, go to User Administration -> Users -
> Open User record
 Go to the Locked Out Checkbox and check it.

 After this, ,if the user is logged IN , he will be locked out immediately and
will not be able to login until the flag is removed.
 When user try to login he get a error message and login denied.

Page 18 of 69
 This is a kind of permanent locking out of the users for as long as the
admin wants.
 However, the user record is Active.
Lockout Users Using Scripting (One-Time Lockout)

 This is a one time lockout

 Using below script will instantly lock out the user and terminate the user
session
GlideSessions.lockOutSessionsInAllNodes("user_name");

 Just provide the user_name and execute it in background script.

 The user can login again after being locked out.

8)Does ‘Filter out’ & ‘is not’ Provide Same Result?

How do I use the “Filter Out” operator?

Page 19 of 69
 Open the List view, e.g. incident.list
 Right click on any column and click “Filter Out,” i.e. filter out
Assignment group Hardware

 As a result, it removes or filters out’ only the specified value.

 It does not remove the empty column values from the list.

How do I use the “is not” operator?

 Open the list view of any table, such as incident.list

 Open the condition builder and add he needed condition, i.e.,
active=true^assignment_group!=8a5055c9c61122780043563ef53438e3

 As a result, it removes hardware groups from the list

 It also removes any empty values.

Page 20 of 69
 9)How hasRole, hasRoles, hasRoleExactly
Differentiates?

gs.hasRole() gs.hasRoles() gs.hasRoleExactly()

This method checks if a user has a specific role When you need to validate whether a user has multiple roles, In some cases, you may require strict role matching.
assigned to them. hasRoles comes to the rescue.

It’s perfect for scenarios where you want to verify if a This function allows you to verify if a user holds any of the This is where HasRoleExactly shines It checks if a user
user possesses a particular role before granting access specified roles. It’s handy when you want to grant access has the exact set of roles provided, ensuring that no
to certain features or functionality. based on a set of roles rather than a single one. additional roles are present.

Use hasRole to perform role-based checks for Utilize hasRoles when validating multiple roles. Use hasRoleExactly when you need precise role-based
individual roles authorization.

10)ServiceNow User Administration Interview

Questions 2024

Provide an overview of ServiceNow user administration

 It is basically
o Manage the individuals who can access servicenow instances by
defining them as users in the system.
o Creating users, groups, and roles provides a flexible and scalable way
to manage access to features on the Now Platform.

Page 21 of 69
 o By creating user accounts, assigning users to groups, and defining roles
and permissions, administrators can ensure that users have the
appropriate level of access to applications and data.
o This allows organizations to control access to sensitive data, maintain
compliance with regulatory requirements, and improve overall security.
Who are the users, and why do we create their accounts in
serviceNow?

 Create an account record for the individuals who have access to your
instance.
 Each user account has a unique login ID, password, and set of permissions
(roles) that define what they can do and access within the platform.
 User records establish a relationship between an individual and your
ServiceNow instance.
 User records consist of a user name, a password, and information relating
to the individual, such as contact information, location, and job title.
 User records are stored in the Users [sys_user] table.
What are groups and what are their uses in ServiceNow?

 Define groups that have similar roles or permissions.

 Groups allow you to apply permissions (roles) to multiple users at once.
 When a user is a member of a group, that user has the same permissions
that have been defined for the group
What is user administration workflow in servicenow?

 Create and maintain users on the instance

 Add users to groups to allow for easy collaboration and permissions
management
 Assign roles to manage security and ensure compliance with regulatory or
internal policies
 Manage user sessions and monitor usage on your instance
 Maintain consistency for table fields that refer to a company name, such as
a vendor or manufacturer
What are related records in ServiceNow?
Page 22 of 69
 User records are associated with records on several other tables to control
permissions, preferences, and other features.
 Few of these records are group, roles etc

Define impersonation and its uses in ServiceNow.

 Administrators can select user records for impersonation.

 Use this feature to experience the instance as another user, with that user’s
preferences and permissions.
 User impersonation can be a valuable tool for testing and troubleshooting.
 When impersonating another user, the administrator has access to exactly
what that user- can access in the system, including the same menus and
modules.
 The instance records anything the administrator does while impersonating
another user as having been done by that user
What can an administrator do with user sessions?

 With user session management, an administrator can view and terminate

individual user sessions,
 lock out users from the instance, and make users inactive.
 User records are also associated with transaction logs.
 Administrators can use these logs to track all browser activity for an
instance

What is user preference in ServiceNow?

 Individual users can configure many UI features, such as the number of

rows per page in a list
 These user customizations are stored as records in the User Preference
[sys_user_preference] table and are updated each time the user changes the
setting.
 Most things in the UI display according to each user’s preferences
 Go to User Administration > User Preferences for a list of user
preference records

Page 23 of 69
 Remember that Having more than 10,000 user preferences causes system
degradation and UI performance issues
What is global user preference in servicenow?

 This is the default user preference for all users

 An admin can add/modify/delete a global user preference
 It is also known as out-of-box user preference as well
 Any user can override global user preference with his personal user
preference
What is a system-wide default in user preferences?

 It is a way to indicate global or out-of-box user preferences in the

preference table
 Open the record of user preference and check the system field to be true
make that particular user preference a system-wide default

Can we capture user preferences in the update set?

 User preference records for system-wide values also called the default or
global values, are stored in update sets.
 User preference records for specific users are not stored in update sets
What are groups in ServiceNow?

 A group is a set of users who share a common purpose.

 Groups may approve change requests, resolve incidents, receive email
notifications, or perform work order tasks.
 Any business rules, assignment rules, system roles, or attributes that refer
to the group automatically apply to all group members.
 Users with the user_admin role can create and edit groups.
 Group records are stored in the Groups [sys_user_group] table.
What are the roles in ServiceNow?

 Roles control access to features and capabilities in applications and

modules.

Page 24 of 69
 The admin role provides access to all features and capabilities.
 After access has been granted to a role, all the groups or users assigned to
the role are granted access.
 Roles can contain other roles, and any access granted to a role is granted to
any role that contains it.
 When possible, simplify user administration by assigning roles to groups.
Create groups containing all the roles necessary for specific personas, then
assign users to those groups.
 Role records are stored in the Roles [sys_user_role] table.
What is web service only checks in user records?

 Select this check box to designate this user as a non-interactive user.

Can we add non-standard email addresses to the user
record?

 To enter a non-standard email address that does not pass field validation,
you must deactivate the validation script first.
 Navigate to All > System Definition > Validation Scripts.
 Select the email record.
 Clear the Active check box and save the change.
What is a User self-registration plugin?

 The User Registration Request [com. snc.user_registration] plugin allows

unregistered users to request access to a ServiceNow instance.
 An administrator can activate the plugin.
 A user can request an account by navigating to the instance. The following
section is added to the welcome screen if the plugin is installed.
What is the role of the import scheduler
[import_scheduler]?

 Import schedulers can schedule imports.

 Grant this role carefully. The import_scheduler can execute scripts with
administrator-level privileges
What is nobody role in serviceNow?

 The nobody role means that nobody has access, not even admin, or maint
users.
 Warning: Applying the nobody role may be irreversible if applied to some
important system functions.
Can we rename a role in ServiceNow?

 You cannot rename roles of any kind in the Now Platform.

 If you manually create a role, you cannot rename it once you save it.
Can an admin user grant a security_admin role?
Page 25 of 69
 To grant the admin role to a user, you must also have the admin role.
 To grant the security_admin role to a user, you must also have the
security_admin role and must elevate to the security_admin role before
granting the security_admin role to other users
What are roles delegation?

 Administrators can authorize users to be role delegators to assign roles to

users who are in a particular group.
 Role delegators can assign only the roles that are assigned to them.
What are the limitations of impersonating in ServiceNow?

 When you impersonate any user, all scope-protected roles and encryption
module roles are supported
 When you impersonate a user with an application-specific admin role (for
example, an
application admin for Human Resources or Security Incident Response),
you cannot
access features granted by the application admin role, including security
incidents, profile information, or other scope-protected features, unless
you already have those roles
 Admins cannot change the password of any user with an application admin
role.
 The following actions or conditions cause a user impersonation to end
o The user impersonates a different user
o The user session ends, for example after a user logs out of their
instance
Can we impersonate users in the mobile app also?

 Mobile impersonation is available on ServiceNow mobile apps. For

information on mobile impersonations.
How many types of impersonations are available in
ServiceNow?

 There are two types of impersonations available

o Impersonation logging for interactive sessions: Interactive sessions
are performed through the user interface (UI).
o Impersonation logging for non-interactive sessions: Non-interactive
sessions are performed by applications and scripts, not through the UI.
What is the default inactivity time for servicenow user
sessions?

 It can be set in the following property:-

o glide.ui.active.session.life_span
What are interactive users in ServiceNow?
Page 26 of 69
 New users added to the instance automatically become interactive users.
They can perform the following functions
o Use their username and password to log in to the UI or a service portal
o Connect to an instance from a URL that calls a UI page, form, or list,
for example, https://.service-now.com/incident.do
o Connect with single sign-on, for example, digest authentication or
SAML
o Use their credentials to authorize SOAP connections if allowed by strict
security
o Use their credentials for other API connections such as WSDL, JSON,
XML, or XSD without restriction
What are servicenow non-interactive users?

 Non-interactive users can only use their credentials to authorize API

connections such as JSON, SOAP, and WSDL. They cannot log in to the
ServiceNow UI.
 Non-interactive users can only connect to a ServiceNow instance from an
API protocol.
 Use this feature to set up user accounts for web service authentication
purposes.
 Non-interactive users cannot log in to an instance or a service portal or
connect through single-sign-on but can be used as a MID Server user if
they are flagged as an Internal Integration User

Which users can’t be impersonated in ServiceNow?

 Inactive users
 Users with no userID

Page 27 of 69
11)ServiceNow Table Administration Interview
Questions 2024

What is the ServiceNow table?

 A table is a collection of records in the database.

 Each record corresponds to a row in a table, and each field on a record
corresponds to a column on that table.
 The Now Platform uses a table-based data structure to store and organize
information.
 Pre-built tables are included for common IT service management (ITSM)
processes, with their data fully importable and exportable in CSV, XML,
or other formats.
 Admins can also create custom tables for specific business requirements,
define field properties, create relationships between tables, and extend
existing tables without modifying the originals.
What are servicenow out-of-box tables?

 Tables created by servicenow in the now platform.

 Examples- incident, problem, task,cmdb_ci etc
 admins can’t delete these tables.
What are custom tables in ServiceNow?

 These are the tables created by the admins of the company

 It starts with u_tableName
 We can delete/modify these tables
What is a table extension in ServiceNow?

 In serviceNow, it is possible to establish parent-child relations between

tables.
 Enable one or more child tables to share fields and records with a parent
table.
 A table that extends another table is called a child class, and the table it
extends is the parent class.
 A table can be both a parent and child class both extending and providing
extensions for other tables.
 A parent class that is not an extension of another table is called a base
class.

Page 28 of 69
 Administrators and application developers can only extend tables d uring
table creation
 We see many such relations in a base system such as task and incident,
task and problem etc

What are the ways to see the relation between ServiceNow

classes?

 Administrators can use these tools to see the relationships between classes.
o Schema map
o System dictionary
o Tables module
What are the different extension models in ServiceNow?

 The Now Platform offers these extension models.

o Table per class
o Table per hierarchy
o Table per partition
What are schema maps in servicenow tables?

 The schema map displays the details of tables and their relationships in a
visual manner
 Allowing administrators to view and easily access different parts of the
database schema.
 The schema map can also be printed directly from a browser

Page 29 of 69
Which database in Servicenow supports rollback and
recovery?

What is the delete records module in ServiceNow?

 This module is used to recover deleted records from the servicenow

instance.
 This module works on records in audited tables.
 Cascaded deleted records must be recovered within seven days of the
record deletion.
 After seven days, only data records and references on tables that audit
deletions can be recovered, which is the same functionality as prior
releases
How to recover script execution details under the Scripts –
Background module?
 Navigate to Rollback & Recovery > Script Execution History

What are rollback context?

 Rollback contexts contain everything necessary to roll back a software

upgrade or plugin activation.
 They include deleted records, patch updates, Scripts-Background script
executions, database actions, and plugin activations.

Page 30 of 69
 A rollback context is created for each patch upgrade within a family, and
each plugin activation, provided that the plugin supports rollback contexts.
 Activate the Restore Deleted Records and Delete Recovery plugins to use
rollback contexts.
When a rollback context is created in the servicenow
instance?

A rollback context is created when:

 GlideRecord.delete() or GlideRecord.deleteMultiple() delete records.

 There is a patch upgrade.
 You activate a plugin that supports rollback contexts.
 A script executes using the Scripts-Background module, and rollback was
enabled by
selecting the Record for Rollback. check box.
What are the database limitations in Servicenow?

 Certain Now Platformsubscriptions include custom table entitlements.

 You can create custom tables for any purpose, up to the entitlement limit in
the subscription.
 The system can only have a maximum of 1000 columns per table.
 Every table, regardless of the storage engine, has a maximum row size of
65,535 bytes
 The system can’t have more than 10 medium-length or longer String fields
to a single table
 When you create fields, the u_ prefix is automatically added to the column
name.
What is ServiceNow dictionary override?

 Dictionary overrides allow you to define a field on an extended table

differently from the field on the parent table.
 For example, for a field on the Task [task] table, a dictionary override can
change the default value on the Incident [incident] table wit hout affecting
the default value on Task [task] or on Change [change].
 Administrators can override these aspects of a field:
o Reference qualifiers
o Dictionary attributes
o Default values
o Calculations
o Field dependencies
o Default column display values
o Mandatory and read-only status
Can we change the type of a field in ServiceNow?

Page 31 of 69
 You can change the type of a field.
 To preserve existing data, only change between logical types that map to
the same physical type on the database.
 For example, Choice and String
What are functional fields in ServiceNow?

 A field that displays the results of a database function, such as a

mathematical operation, field length computation, or day-of-the-week
calculation.
 Once the new function record is saved, you cannot clear the check box to
make the field a regular field.
 Video tutorial:- https://youtu.be/zjpOIxxXnSI
What is a calculated field?

 This Determines whether the value of the field is calculated from other
values.
 The Calculation Type field allows you to select the script or formula -based
calculation for the column value.
 About business rules, calculated fields are populated first before any
business rule, even a business rule, is run.
 Fields display as read-only when calculated scripts are applied.

Can I remove the attribute of the base system?

 Yes, you can remove it.

 If you remove an attribute that is part of the base system, it is
automatically restored during an upgrade.
 To prevent upgrades from changing your system’s behavior, leave the
attribute on the table or field but set its value as desired.
 For example, if a field has the attribute knowledge_search=true by
default, do not remove it to set it to false; rather, set it to
knowledge_search=false.
What are the preconditions in naming a custom table in
ServiceNow?

 For a table in a scoped application, the name is prefixed with a namespace

identifier to indicate that it is part of an application.

Page 32 of 69
 For a table in the global application, the name is prefixed with the string
u_
 For a remote table in a scoped application, the name is prefixed with a
namespace identifier and the string st_ to indicate that it is remote and part
of an application.
 For a remote table in the global application, the name is prefixed with the
string u_st_
 You cannot modify the prefix; however, you can modify the rest of the
table name.
 The name can contain only lowercase, alphanumeric ASCII characters and
underscores (_).
What is the purpose of “display” checkbox in the dictionary
record?

 It indicates whether this field is the Display values(appears on records that

reference this table).
What is the purpose of “Can Read” checkbox in the
application section of table?

 Select the check box to enable script objects from other application scopes
to read records stored in this table.
 This option offers runtime protection.
 For example, a script in another application can query data on this table.
First select read access to grant any other API record operation.
What is the purpose of “Can Create” checkbox in the
application section of table?

 Select the check box to enable script objects from other application scopes
to create records in this table.
 This option offers runtime protection.
 For example, a script in another application can insert a new record in this
table.
 This option is available only when the Can read check box is selected.
 Clear the check box to prevent script objects from other application scopes
from creating records in this table.
What is the purpose of “Can Update” checkbox in the
application section of table?

 Select the check box to enable script objects from other application scopes
to modify records stored in this table.
 This option offers runtime protection.
 For example, a script in another application can modify a field value on
this table.
 This option is available only when the Can read check box is selected.
Page 33 of 69
 Clear the check box to prevent script objects from other application scopes
from modifying data stored in this table.
What is the purpose of “Can Delete” checkbox in the
application section of table?

 Select the check box to enable script objects from other application scopes
to delete records from this table.
 This option offers runtime protection.
 For example, a script in another application can remove a record from this
table.
 This option is available only when the Can read check box is selected.
 Clear the check box to prevent script objects from other application scopes
from deleting records from this table.
What is the purpose of “Allow Configuration” checkbox in
the application section of table?

 Select the check box to enable applications from other application scopes
to create configuration records for this table that change its functionality.
 For example, an application designer can select this table from the Tables
list on
 business rules, client scripts, or UI actions.
 This option offers design-time protection.
 Clear the check box to prevent application designers from selecting this
table when creating configuration records.
What are system fields in ServiceNow?

 When you create a new custom table, several fields appear in the Table
Columns embedded list.
 For all tables, required system fields are added automatically.
 You cannot delete or modify these fields.
 For tables that extend another table, fields on the parent table also appear
on the Table Columns embedded list for the current table.
 If you modify these fields, remember that all changes to fields on the
parent table affect all child tables, not just the current table.

Page 34 of 69
Can we delete a table in ServiceNow?

 Administrators can delete custom tables that are no longer needed.

 A table is custom if an administrator created it and it is not part of a
system upgrade or plugin activation
 Custom table names always begins with u_, or x_ for scoped tables
 You cannot delete base system tables. If you inadvertently delete such a
table, it is automatically recreated when you upgrade an instance.
 You cannot delete a table with associated tables extending from it.
 Deleting all records for a table also deletes records from tab les that extend
the table
What is indexing in ServiceNow and its purpose?

 Build indices to access the data held in your tables more easily.
 An index puts unordered tables into order, and efficiently speeds up
queries to columns in your tables, by creating pointers to where
information is stored in your database.
 Constructing an effective index requires specialized knowledge in database
architecture
What are many to many relationships in ServiceNow?

 Many-to-many relationships allow a list to point to a list of entries, rather

than to a single field
 The Many to Many Definitions [sys_m2m] table allows administrators to
create custom many-to-many relationships.
 Some many-to-many relationships are defined by default.
 Administrators can enter the sys_collection list in the navigation filter to
reference the many-to-many relationships available in the base system.
What is “task” table of ServiceNow?

Page 35 of 69
 Task [task] is one of the core tables provided with the base system
 The Task [task] table provides a series of standard fields used on each of
the tables that extend it, such as the Incident [incident] and Problem
[problem] tables.
 The Task table is a base class that provides fields for the core ITSM
applications such as Incident, Problem, and Change Management.
 In addition, any table that extends a task can take advantage of task-
specific functionality for driving tasks.
 Modifications made to the Task table are applied to all child tables.
What are journal fields in ServiceNow?

 Journal fields work together to create a log of changes and comments as

tasks are worked on.
 Journal fields work on audited tables only.
 Fields of the journal_input type are multi-line text boxes which, upon
saving, add the comments into the Activity field with a notation
 Two fields in ServiceNow are journal fields – Additional Comments and
work notes.

What is a remainder table in ServiceNow?

 The Reminder [reminder] table provides a way to auto-generate reminders

for a task.
 Any table that extends the Task table, such as the Incident [incident] tab le,
can use the
 Reminder [reminder] table.
 You can add Reminders as a related list to the Incident form by opening
the form context menu, navigating to Configure > Related Lists, and
adding Reminders->Task.
 By default, only an administrator can create or modify a Reminder record.
 To enable non-administrators to create reminders, add create and read ACL
rules to the Reminder [reminder] table and specify the user’s role.
 To access the Reminder table, type reminder.do in the filter navigator.
What are assignment rules in ServiceNow?

 The instance can automatically assign a task to a user or group based on

pre-defined conditions using data lookup and assignment rules.

Page 36 of 69
 The Assignment rules module allows you to automatically set a value in
the assigned_to and assignment_group fields when a set of conditions
occurs.
What is the execution order between data lookup,
assignment, and business rules?

 Before business rules: Scripts configured to execute before the database

operation with an order of less than 1000.
 Before engines. The following are not executed in any specific order:
o Approval engine (for task and sys_approval_approver tables)
o Assignment rules engine (for task tables)
o Data policy engine
o Escalation engine
o Field normalization engine
o Role engine – keeps role changes in sync with sys_user_has_role table
(for sys_user, sys_user_group, sys_user_grmember, and sys_user_role
tables)
o Execution plan engine (for task tables)
o Update version engine – creates version entry when sys_update_xml
entry is written (for sys_update_xml table)
o Data lookup engine inserts or updates
o Workflow engine (for default workflows)
 Before business rules: Scripts configured to execute before the database
operation with an order greater than or equal to 1000.
 The database operation (insert, update, delete)
 After business rules: Scripts configured to execute after the database
operation with an order less than 1000.
 After engines. The following are not executed in any specific order:
o Label engine
o Listener engine
o Table notifications engine
o Role engine – keeps role changes in sync with sys_user_has_role table
(for sys_user, sys_user_group, sys_user_grmember and sys_user_role
tables)
o Text indexing engine
o Update sync engine
o Workflow engine (for deferred workflows)
o Trigger engine (for all Flow Designerflows)
 Email notifications. The following are executed based on the weight of the
notification record:
o Notifications sent on an insert, update, or delete
o Event-based notifications
 After business rules (Only active records), scripts configured to execute
after the database operation with an order greater than or equal to 1000.

Page 37 of 69
What are database views in ServiceNow?

 A database view defines table joins for reporting purposes.

 For example,
o a database view can join the Incident table to the Metric Definition and
Metric Instance tables. This view can be used to report on incident
metrics and may include fields from any of these three tables.
 Any user creating a report can use database views as the report source, but
ACLs on the underlying tables are honoured.
 A database view is not treated like a custom table, so no licensing impact
exists.
 Database view tables are not included in FTP exports.
 You do not need to create ACLs on fields in the view. The system honours
contextual ACLs (ACLs with a condition or script) on the underlying table.
 Non-contextual ACLs (ACLs with only role checks) are still honoured, just
as with previous releases.
What are the limitations of Database views in ServiceNow?

 Database views cannot be created on tables that participat e in table

rotation.
 It is not possible to edit data in the database view output.
 Database view tables cannot be added as a data preserver in clone requests
 You can still create additional ACLs on the database views. These ACLs
are evaluated last and are always honoured.
How are tables related to each other in ServiceNow?

Tables can be related to each other in the following ways

 Extensions: A table can extend another table.

 One-to-Many: There are 3 types of one-to-many relationship fields
o Reference Field: allows a user to select a record on a table defined by
the reference field.
o Glide List: allows a user to select multiple records on a table defined
by the glide list
o Document ID Field: allows a user to select a record on any table in the
instance.
 Many-to-Many: Two tables can have a bi-directional relationship so that
the related records are visible from both tables in a related list.
 Database views: Database views enable virtual joining of two tables to
report on data that might be stored in more than one table.
What is sys ID in ServiceNow?

 Each record in an instance is identified by a unique 32-character GUID

(Globally Unique ID), called a Sys ID (sys_id).

Page 38 of 69
 When created within the application, sys_id values are unique.
 The same sys_id value is never generated twice, ensuring that every record
created in every table in every instance has a unique identifier.
 A new record has a sys_id of -1, and once inserted, it is assigned a new
sys_id.
 The sys_id is not meant to show as a field on a form or as a column in a
list.
When two records have the same sys_id in ServiceNow?

If two records have the same sys_id value, it occurs as a result of the
following situations

 If a record with the sys_id was copied to the other at the database level
outside of the Now Platform.
 If a record with the sys_id was copied using an Update Set or via XML, its
sys_id is the same.
What is data archiving in ServiceNow?

 Data archiving involves managing table size growth and archiving old
data.
 It moves data that is no longer needed every day from primary tables to a
set of archive tables.
 The longer an instance runs, the more likely it is to accumulate data that is
no longer relevant. For example, task records from two years ago are
typically less relevant than currently active tasks.
 Old data may eventually cause performance issues by consuming system
resources and slowing down queries and reports
Can we query the archived table in ServiceNow?

 Archived tables are not optimized for ad hoc queries.

 They only contain index entries for the display value, creation date, and
the primary key of sys_id.
 For this reason, do not make on-demand queries against an archived table,
such as searching for all priority 1 archived incidents.
o Instead, only search against the indexed fields.
o For example, search for incident INC100001 or incidents created on a
specific date.

12)Tables and Backend names and short cuts

Answer :

Incident list -------------- incident.LIST (opened to new tab)

Page 39 of 69
Problem list ---------------- problem.LIST

New Incident --------------- incident.FORM or incident.do

New Problem -------------- problem.FORM

Incident Task ----------- incident_task

Change Request ------------ change_req

User List -------------------- sys_user.LIST

Group --------------- sys_user_group.LIST

Tables ----------------- sys_db_obeject, sys_dictionary, sys_documentation

Version ---------------- stats.do

(current version Xnadu)

Incident form priority list -------------- dl_u_priority.LIST

Problem form priority list ----------- dl_problem_priority.LIST

Matchar Table ---------- dl_matcher

Date and time and logo changes ----------- basic configuration ui16 or UI 16

Location --------- cmn_location

Country --------------- core_country

Department ---------- cmn_department

Company ----------- core_company

Business Rules ----------sys_script

Client Script -------- sys_script_client

Configuration Item -------- cmdb_ci

User -------------- sys_user

group ------------- sys_user_group

UI policy ----------- sys_ui_policy

Request ------------- sc_request

catalog --------- sc_catalog

catalog item ----------- sc_cat_item

SLA------------------ contract_sla

SLA Task -------------- task_sla

Page 40 of 69
Group member --------- sys_user_grmember

Roles ----------- sys_user_has_role

Attachment ------------ sys_attachments

HRSD COE
Human Resource Service Delivery (Centre of Excellence)

Human Resource Scoped App (Main Table) ------------ sn_hr_core_case

HR Employee Relations ----------- sn_hr_er_case

HR Employee Life Cycle Events ---------- sn_core_le_case

HR Employee Payroll ------------ sn_hr_core_case_payroll

HR Talent Management ------------ sn_hr_core_case_talent_management

HR Total Rewards Points ------------ sn_hr_core_case_total_rewards

HR IT Operations ----------- sn_hr_core_case_operations

HR Workforce Administration --------- sn_hr_cor_case_workforce_admin

Difference Between Created, Opened, Updated, Closed In

ServiceNow

I have taken an example of incident record from my demo instance.

Lets start with very first field you see in the screenshot above.
 Updated – It is the latest(most recent) timestamp this incident updated by
anyone , a user or system anyone. It will change according to update.
 Updated By – It captures the user Id of account which updated the record
recently. It will change on every update according to user.
 Created – The date/time when the record was created in database or in
table. It Never change.
 Created By – User Id of the account which created the record. It never
changes.
 Opened – It is a timestamp when user starts the creation by clicking
Create New. So, it my be same or few second less than Created.

Page 41 of 69
 Opened by -User Id of the account which opened the record. It never
changes.
 Closed – The timestamp when the record is finally closed and turned to
inactive.
 Closed By – User Id of the account which closed the record. It never
changes.
Example Of Created Vs Opened

Lets say operator OP presses ‘Create new’ under the incident application at
precisely 11:00 a.m.. He spends approximately 4 minutes entering field
information before pressing submit.

For this record, the ‘Opened’ field would be populated with 11:00 a.m., and
the ‘Created’ field would be populated with 11:04.

For items such as REST inserts, or record producers, since this creation and
opening is technically instantaneous from the form perspective, this is why
you probably see identical opened and created values.

A custom Table how many fields automatically Created ?

Answer : 6 Fields

When you create a new table in ServiceNow, several fields are automatically
generated.

Sys ID : (sys_id) (32 Digits Unique id )

A unique identifier for each record.

Created : (sys_created_on )
The date and time the record was created.

Created by : (sys_created_by )
The user who created the record.

Updated : (sys_updated_on)
The date and time the record was last updated.

Updated by : (sys_updated_by)

Page 42 of 69
The user who last updated the record.

Updates: (sys_mod_count)
Number Of Updates For This Record Since Record Creation
These fields are essential for tracking and managing records within the system

Note: Custom Fields and Custom Tables Indicates (u_)

Example: Passport Booing Application add One Field, Field Name Gender (u_gender)
,Table name Passport Booking(u_passport_booking)

Columns: 6

Controls:
Extensible: if Enable the Check Box Ur Table Extensible other table (parent to Child)
Auto-number: Ur Customized
Access Controls: CRUD Operations

Page 43 of 69
What is delegation in user administration ServiceNow?

Answer :

In ServiceNow, delegation in user administration allows users to assign their responsibilities to

another user temporarily. This is particularly useful when the primary user is unavailable due to
reasons like vacation or illness.

Delegating Approvals and Tasks:

Delegated Development:
Managing Cross-Scope Requests:
User Profile Management:

13)What Gets Captured In ServiceNow Update

Sets?

What gets captured in update set?

The simple answer to this is that in the tables where update_synch

attribute is true i.e. update_synch =true , any changes to the data of
that table is captured in update set.

Page 44 of 69
In above image can see the attribute is true for CI Relationship Type
table. It means if you make change to any record of CI Relationship
Type table it get captured in update set.

What does not captured in update set?

Tables where update_synch is not present or is false , are not captured

in update set

In above image can see the attribute is not present for incident table. It
means if you make changes to any record of Incident table it will not
get captured in update set.

What is update_synch attribute?

update_synch controls what can and cannot be captured as a

customization on a table. Generally speaking, the update_synch
attribute is found on tables with configuration data. update_synch does
not exist on a table with raw data, like Task, from client user s that are
being input into the system.

Can we add update_synch attribute to any table where it is

not added by servicenow?

 No it is not recommended.
 Any such changes can do performance issues in your production instance.
 In case you want to add, please get in touch with ServiceNow Support
team and discuss it.

Page 45 of 69
15)List Of All ServiceNow Access Control
QuestionsAttachment QuestionsHRSD Questions

Difference between -none-,*,table.active in ACL?

 An ACL, also known as an Access Control List, specifies
the object and operation being secured.
 ACLs can be broadly classified as table-level and field-level ACLs.
Table Level:-
Here is an example of a table-level ACL. Here, the delete operation is
secured for table Incident. Since no column is specified, which indicates that
the delete operation is secured for the entire table.

Field-level ACL:-
A field-level ACL is an ACL that applies to a specific field. Here is an
example of a field-level ACL. In this case, the read ACL is defined for the
field short description.

Field level .*.

Page 46 of 69
If the ACL is table.*, which indicates it applies to a specific table and all its
fields, In the following example, it is Incident.*, which specifies it is for the
incident table and applies to all of its fields.

*.* All tables and all fields:

This applies to all tables and all fields.

Table.active:

This is the active field of the table.

What is an admin override in the ACL?

Answer :

in ServiceNow, the Admin Overrides option in an Access Control List (ACL) determines whether
users with the admin role are subject to the ACL rules or not

Key Points:

Admin Overrides Enabled:

If this option is checked (true), users with the admin role will bypass the ACL rules and have
unrestricted access

Admin Overrides Disabled:

If this option is unchecked (false), even users with the admin role must meet the ACL criteria to
access the resource This feature is useful for maintaining strict access controls while still allowing

Page 47 of 69
 admins the flexibility to override them when necessary.
Query Business Rules vs. ACL – comparison
Area
Access restriction
User Experience
Performance
Debugging
Impact on Scripts
Scoped Applications
User Impersonation
Query BR
Row-level only (e.g. entire
Incident record)
Will only show the records the
User can see, with no message at
the bottom about “some records
removed due to security”. E.g. if
there are 500 Incidents but the
User can only see 10, it will
show one page with only 10
records.
Query BR can provide a
performance boost in some
cases, compared to ACL.
You cannot debug Query BR
using the “Debug Security”
module.
ACLs are not impacting the
scripts.Exceptions include: using
GlideRecordSecure or adding
“canRead/canWrite” etc. to your
GlideRecord in scripts.
You cannot create Query BR on
tables from a different scope
within a scoped app.
Query BR can impact the proper
inserting or updating of records
via Update Sets – e.g. if on a
target instance, you don’t have
access to a specific record due to
Query BR and try to update it via
an Update Set, it won’t happen.
Page 48 of 69
ACL
Global, table or field level
Will show all pages with the
restricted records being
“invisible” and a message at the
bottom “some records removed
due to security”. E.g. it will show
10 pages of records, but the user
will only see 1 record on each
page – the rest will be empty
rows.
ACLs have to be evaluated for
every record/field individually.
ACLs can be easily debugged
with “debug security”
Query BR can make script
debugging rerd sometimes.
In some cases, it was impossible
to properly test or debug Query
BR by impersonating a user. We
acd to log in as that user to see the
real effect*
No known issues related to
impersonation.
Comments
The ACL way of showing records can be
annoying for users who sometimes have to
click through a lot of empty pages to get to the
records they want to see. It also makes bulk
editing from the list difficult.On the other
hand, some prefer to show this to users as it
makes them aware restrictions are in place.
Query BR is only evaluated once per each
table query. They just return the resulting
records from DB to the application.
Query BR will be shown in the “Debug
Business Rules” module, but you can only see
that a particular BR has run, with no info on
whether it actually restricted any records.
Query BR will impact all your scripts running
on the table where the BR is applied. E.g. if
you have a script doing a GlideRecord on
Incident table, it will be affected by Query BR
according to the restrictions put in it.
You cannot add roles to ACLs from a different
scope.You cannot use script evaluation in
ACL wiwhichs for a table in a different
scope.You cannot create wildcard (*) rules for
tables in a different scope.
*I have not been able to reproduce this now,
but our testers reported this issue on several
occasions. Keep this in mind just in case.
Update Sets Under normal circumstances,
you will probably not be affected
by this behaviour. Things get
interesting when you start
restricting configuration files.
No adverse impact on Update Under normal circumstances, you will
Sets. probably not be affected by this behaviour.
Things get interesting when you start
restricting configuration files.

Can we create two ACLs with the same field type on a

single table, will it deactivate the other one which was
created OOB?

You can! It will evaluate the ACs in a “random” order though — you can’t
predict which would get applied first, but if you restrict a field to a speci fic
role and have a different AC restricting the same field to a different role, it
will be an “OR” type of application – it will give access to someone who has
either role or condition satisfied.

For example, the 2 ACs below will allow anyone who matches the role and
condition of either, access to write to the “incident.caller_id” field.

You could also combine these into a single AC, but sometimes its easier
(especially considering the condition writing) to have separate ones.

What happens when i try to update ACL in global scope

however ACL is created in the Digital Portfolio Management
app?

You will get an error because you try to create/modify an ACL which is in
scope “Digital Portfolio Management” but the table “Incident” is in Global
scope. Imagine this would be possible, then all scoped applications could
block table access of other applications.

Instead, if you need extra conditions you have to create an additional ACL in
the “Global” scope.

Provide an easy definition of ServiceNow access controls?

 ACLs or Access Control Lists are the process by

which ServiceNow provides granular security for its data and can be
applied to individual records, as well as fields within those records.
 While you want to work with ACLs, you should know the types of
ACLs. The types are as follows:
o RoRow-levels or table-level ACL
o CoColumn-levels or field-level ACL

Page 49 of 69
 You can create ACLs for different operations on the table like Read,
Write, Create, and Delete.
 You can create ACLs for Client Callable scripts, UI pages, REST
endpoints, etc. Please see the low screenshot.

 While giving the user access to Read, you need to first create Row level
ACL first and then create Field level ACL for Read permission.
 You need to add the role that you decided to whom you are going to give
Read access.
Can anyone explain the order of ACL evaluation in
servicenow?

When working with ACLs, it is extremely important to note that the order in
which an ACL definition is evaluated has performance implications. These
are:-
1. Roles
2. Criteria
3. Script

Does ACL evaluation process impact performance?

Yes, it has performance implications. The order is given below:-

Page 50 of 69
1. ROLES: FASTEST
2. CRITERIA: FAST
3. SCRIPT: SLOWEST
ROLES: FASTEST
Roles will evaluate extremely fast as they are cached in server memory, so
using roles is always highly recommended.

CRITERIA: FAST
 Conditions are based on values in the current record and will be evaluated
uickly, but only after the role has been checked.
 Although you can have complex criteria using dot-walking (“Show related
records”) these will incur a performance overhead as ServiceNow needs to
load the related records.

In this example, the criteria is based on the company of the assigned person
for that record, requiring ServiceNow to load TWO additional records to
evaluate.
Remember, performance does not scale in a linear fashion.
Although criteria like this may seem blisteringly fast when looking at a
single record in a development environment, it will be much slower in
production as lots of people access records—and particularly if it is applied
to a READ rule in a list view as the criteria has to evaluate for each and
every individual row being displayed (multiplying the performance
overhead).

SCRIPT: SLOWEST
 Although slowest here is a relative term, ACL scripts will evaluate at least
slightly slower than ACL roles and ACL criteria for a number of reasons.
 Scripts are often needed in ACLs, but they should always be carefully
considered for performance implications.
 The best practice with scripts is to have them shielded by roles and
criteria. In this way, the script won’t even run unless the ACL first
matches the role and then matches the criteria, potentially sidestepping a
performance overhead before it occurs.
Consider the following two ACLs. Technically, they’re identical, but one
will run considerably faster than the other.

Page 51 of 69
 Even though they’re technically identical, the second ACL will be slower
because:
 The script will be run for ALL users and not just those that have the ITIL
role
 The script will run on ALL records not just those that are active
 ServiceNow’s JAVA layer has to invoke a Rhino Javascript engine to
evaluate this script
Ideally, scripts should only be used on ACLs that already have roles and
criteria to ensure they’re only running when absolutely necessary.
ServiceNow is optimized to run ACLs extremely fast, but they can introduce
a performance overhead on large instances with millions of records.
GRC Policy and compliance implementation ACL scenario?

Scenario – I am working on GRC Policy and compliance implementation. I

am looking for an option to control who can access a policy record without
need to create a custom role. For example, an user can access only the policy
records that he is responsible for. if i assign the OOTB compliance manager
or compliance user, then the user will be able to edit all records. the ACL is
an option to control this kind of access?
Solution – The requirement is to allow user that is in Responsible For field
of the policy record. So, for this, you can use Read ACL and in the script
section, you can write below code:
var loggedinUser = gs.getUserID();
if(current.u_responsible_for == loggedinUser ){
answer = true;
}
else{
answer = false;
}

How record ACLs are processed?

 Record ACL rules are processed in the following order:

Page 52 of 69
 o Match the object against table ACL rules.
o Match the object against field ACL rules.
 This processing order ensures that users gain access to more general
objects before gaining access to more specific objects.
 A user must pass both table and field ACL rules to access a record object.
o If a user fails a table ACL rule, the user is denied access to all fields in
the table, even if the user passes a field ACL rule.
o If a user passes a table ACL rule, but fails a field ACL rule, the user
cannot access the field described by the field ACL rule.
Explain table ACL rule?

The user must first pass the table ACL rule. Since the base system includes
STAR (*) table ACL rules that match every table, the user must always pass
at least one table ACL rule. The base system provides additional table ACL
rules to control access to specific tables.

Table ACL rules are processed in the following order:

1. Match the table name. For example, incident.

2. Match the parent table name. For example, task.
3. Match any table name (*). For example, *.
If a user fails all table ACL rules, the user cannot access the fields in any
table. If a user passes a table ACL rule, the system then evaluates the field
ACL rules.

Explain field ACL rule?

After a user passes a table ACL rule, field ACL rules are processed in the
following order:

1. Match the table and field name. For example, incident.number.

2. Match the parent table and field name. For example, task.number.
3. Match any table (*) and field name. For example, *.number.
4. Match the table and any field (*). For example, incident.*.
5. Match the parent table and any field (*). For example, task.*.
6. Match any table (*) and any field (*). For example, *.*.
A user must pass the table ACL rule to be granted access to the ta ble’s fields.
For example, the user must first pass the table ACL rule for the incident table
to access the Number field in the incident table.

The first successful field ACL evaluation stops ACL rule processing at the
field level. When a user passes a field ACL rule, the system stops searching
for other matching field ACL rules. For example, if a user passes the field

Page 53 of 69
ACL rule for incident.number, the system stops searching for other ACL
rules that secure the Number field in the incident table.

What is the use of IP address access control?

 Apply an IP access control to outbound traffic, inbound traffic, or
bidirectional traffic.
 The system only blocks an IP address if a matching Deny rule exists and
no matching Allow rule exists.
 By default, there are no restrictions on access to your instance.
What is Adaptive Authentication in access conrols?
 Adaptive authentication is a policy framework to enforce contextual
authentication controls to the right users at the right time.
 Adaptive authentication uses authentication policies to evaluate
authentication requests and either deny or allow access to your instance
based on the specified policy conditions.
 Admins can use adaptive authentication policies and contexts to restrict
access to the instance for users and APIs based on criteria like IP address,
user role, and user group.
How to activate adaptive authentication?

Enable Adaptive Authentication (com.snc.adaptive_authentication) plugin

Please tell us about the behavior when you control access
to servicenow by IP address?

Scenario – When accessed from an IP address that does not allow access to
servicenow. Are you able to see the login page? Or does it just say the page
doesn’t exist?
Solution – if you want to access a ServiceNow instance with IP address
access restriction, you will get the following screen if your IP address is not
on the whitelist:

Access Control Scenario based question?

Scenario –
 If we have a write ACl and Name is Incident.* and its for role “xyz”
 If we have a write ACl and Name is Incident.callerid and its for “xy” role.
The queries are:
1. What will be the result?

Page 54 of 69
2. What needs to be done to have Callerid to be only accessible by “XY” and
by “xyz”?
Solution –
1. The user who has “xyz” role, can write all field in incident. The user who
has “xy” role, can write “callerid” field in incident.
2. I think read ACL is needed.
Setting a “Deny” IP Access Address control could return
“Invalid update” if the user IP creating the deny rule is not
included on at least one allowed range?

Cause:-
 The IP range you are trying to deny might come under your current Public
IP range and that range would lock your current IP address out!
 e.g. If your current IP is 10.10.10.10, you should have an allow rule for
10.10.10.10 . Then you can create a deny rule for 0.0.0.0 to
255.255.255.255.
Resolution:-
 Allow a range that contains your current Public IP first.
 To know what is your IP address, use this
URL: https://www.whatismyip.com/
 Then deny the range which you wish to be block. After allowing one
public IP range, you could block from 0.0.0.0 to 255.255.255.255.
 e.g. If your current public IP is 10.10.10.10, you should have an allow rule
for 10.10.10.10 . Then you can create a deny rule for 0.0.0.0 to
255.255.255.255.
How to control rest API post/patch access?
Scenario –
I have a requirement to not allow user to insert/modify a particular field with
rest API (not script Rest API, just table API) directly( means, via put, patch,
post), but still allow read access, also allow the user’s other action via rest
API to trigger business rule to update/insert this particular field.(some kind
of rea only access via rest API)
I could not figure out how to implement this, Does any one implement
somethin similar or has any suggestions? Is it possible?
Resolution:-
Pending – Working on it.

Read ,write, delete, create which one executes first ?

Answer :

Table-Level Read:
Checks if the user can read the table.

Page 55 of 69
Record-Level Read:
Checks if the user can read the specific record.

Field-Level Read:
Checks if the user can read individual fields within the record.

Table-Level Write:
Checks if the user can write to the table.

Record-Level Write:
Checks if the user can write to the specific record.

Field-Level Write:
Checks if the user can write to individual fields within the record.

Table-Level Delete:
Checks if the user can delete records from the table.

Record-Level Delete:
Checks if the user can delete the specific record
Question: 60

What do "Table" and "None" refer to?

One word Answer :
(Table and All Records)

Detailed Answer :

"Table":
Refers to rules that apply to entire tables. It controls access to all records within the specified
table.
For example, a table-level read rule would determine if a user can see any records in the table.

"None":
Indicates there are no specific field-level rules applied. If you see "None," it means the ACL rule
doesn't apply to any particular field within the table, leaving field-level access unrestricted unless
other ACLs are defined

What Is the order of ACL execution?

Answer :

ACL (Access Control List) order refers to the sequence in which ACL rules are evaluated
and applied in ServiceNow.

Role

Page 56 of 69
Conditions
Script
which roles is need to create new ACLS and update old rules?

Answer:

Specifically, you should elevate your role to "security_admin" to manage ACLs effectively

Other Roles
Admin
ITIL
ITIL_Admin
User Admin
Report Admin
Catalog Admin

In ServiceNow, ACL (Access Control List) rules can be applied in a few different ways to control
access to data

Record-Level ACL:

Controls access to an entire record in a table.

For example, determining who can read, write, or delete an incident record.

Field-Level ACL:

Controls access to specific fields within a record.

For example, allowing users to see an incident record but restricting access to the "Priority" field.

Table-Level ACL:

Controls access to all records within a table.

For example, restricting access to the entire incident table.

Scripted ACL:

Uses server-side scripts to define complex logic for access control.

For example, allowing access based on specific conditions evaluated in a script.

Conditional ACL:

Applies ACL rules based on conditions or filters.

For example, only allowing access if a certain field value meets specified criteria.

Page 57 of 69
Summary:

Record-Level ACLs: Control access to entire records.

Field-Level ACLs: Control access to specific fields.
Table-Level ACLs: Control access to entire tables.
Scripted ACLs: Use scripts for complex logic.
Conditional ACLs: Apply based on conditions or filtersTopic : ACLs

What is an Access Control List (ACL)?

An Access Control List (ACL) in ServiceNow is a set of rules that control the access
permissions for records, fields, and other resources within the platform. These rules
determine who can view, create, update, or delete data.

Key Components

Permissions:
Define what actions (read, write, delete) a user can perform.

Conditions:
Specify the criteria that must be met for the permissions to apply.

Roles:
Associate the permissions with specific user roles.

Significance

Security:
Ensures that sensitive data is protected and only accessible to authorized users.

Compliance:
Helps maintain compliance with internal and external data security regulations.

Customization:
Allows for fine-grained control over data access, tailored to business needs. Day 6 ServiceNow
Interview

16)SERVICENOW ADMINSTRATION

Page 58 of 69
What is the ServiceNow admin centre application?

 Admin Center provides a central hub for platform owners and admins to
access the platform capabilities, discover new applications, and get
intelligent, actionable insights.
 Use the Admin Center application to discover the capability of the
available applications and how they can be implemented to work towards
achieving your business goal.
What is the purpose of the Admin Home page?

 Get notified of critical and high-priority incidents

 Stay updated about the problems and changes on the instance
 Create and switch to your personalized dashboard based on what is most
important to you
 Stay updated on the current version, scheduled upgrade, and licensed
applications status
on your instance
 As an admin, get a comprehensive 1-page view of the delta changes on the
instance
Can we modify the cards in the admin center dashboard?

 You can’t add or remove any cards from the Shared admin dashboard.
 You can create a new dashboard by selecting Create new dashboard.
 You can modify the cards in your personalized dashboard.
What information is available about the system in the admin
center?

 Admin Home page shows information about the current version,

violations, and scheduled upgrades on your instance
 It also shows the status of licensed applications as a list of installed
applications on your instance and the applications that need to be updated

Page 59 of 69
What are adoption blueprints servicenow in the admin
center?

 Adoption blueprints display the applications and features available to you

and the recommended solutions to achieve business goals
 Adoption blueprints are the specific and measurable results that an
organization needs to accomplish their growth.
 You can target strategic business improvements with a set of apps an d
features.
What are the goals of servicenow adoption blueprints?

 Optimizing operations to meet the goals of your organization efficiently

◦ Reduced service operations cost for premium quality services
◦ Focused on simplifying and automating transactions
 Managing risk more efficiently by improving prioritization, efficiency, and
operational
reporting
 Delivering seamless employee experience to increase engagement and
productivity with
proper utilization of resources
How does servicenow suggest adoption blueprints?

 These are industrial goals based on data and research done by servicenow
keeping industrial standards in mind
 Each adoption blueprint displays the progress you have made in working
towards your strategic goal
 The recommended applications and features have been arranged in the
order of impact to give you a measurable result.
What is the servicenow configuration hub?

 Configuration Hub gives you the ability to quickly find tables,

configurations and metadata records related to any application ins talled on
your instance.
 Experience the ability to zoom into an application or a group of
applications and view all the relevant tables and records on a single page
using the Configuration Hub

Page 60 of 69
What are ServiceNow Configuration Hub features?

 One-stop experience to access all relevant information

 Enhanced ability to save your preferences for all tables and records
 Ability to track and view delta changes, over-allocated licenses, and
customizations on a
single screen
 Enhanced use of multiple filters simultaneously to drill down to a
particular application
 Ability to open and edit a record within Configuration Hub. You don’t
need to navigate to the record using the conventional ways.

17)Development Questions
1. What is the primary purpose of Team Development in
ServiceNow?

Page 61 of 69
 To support parallel development on multiple non-production ServiceNow
instances.
 To enable branching operations, including pushing and pulling record
versions between instances.
 This allows for the comparison of a development instance with other
development instances.
 To provide a central dashboard for all Team Development activities.
2. How does Team Development allow developers to
manage changes?

 Track local changes and determine which changes should be promoted to

the parent development instance.
 Pulling changes from the parent instance and resolving collisions with
local changes.
 By comparing the instance with other development instances and resolving
any collisions.
 Pushing changes when a feature is tested and ready to promote to the
parent development instance.
3. What access level is required for developers to use Team
Development?

 Developers need admin access to their development instance.

 They also need admin access to the parent instance to use team
development.
4. What are Update Sets used for in ServiceNow Team
Development?

 Storing changes to a baseline or installed application.

 Storing and applying a particular version of an application.
 Producing a file for export.
 Deploying patches or changes to installed applications.
5. What should not be done with Update Sets?

 Update Sets should not be used to install applications.

 For installation, use the application repository or the ServiceNow Store
instead.
6. What is the Application Repository used for?

 Installing and updating applications on all company instances.

 Automatically managing application update sets.
 Restricting access to applications to the same company.
 Deploying completed applications to end users.
7. How are local changes managed in Team Development?

Page 62 of 69
 Local changes are tracked in a table showing which customized records
have current versions on the development instance but not on the parent
instance.
 Developers queue local changes that are ready to push.
 Each development instance maintains a single queue, regardless of who
develops or queues the changes.
 Developers can ignore local changes that they do not want to push.
8. What does the Local Changes list on the team dashboard
show?

 It shows the local changes that have not been queued for the next push o r
ignored for all pushes.
9. What does the Ready to Push list show?

 It shows the changes that are queued for the next push.
10. What does the Ignored list show?

 It shows the changes that are ignored for all pushes.

11. Under what conditions does pulling ignore versions?

 When certain conditions like matching an exclusion policy occur.

 When private properties are excluded from all Update Sets and pulls.
 When there are collisions that must be resolved.
 When there are previously resolved collisions.
 When there is a problem with the version record, such as a corrupt or
missing version.
12. What is the purpose of the Team Development
dashboard?

 To provide a central place to manage all Team Development activities on

your development instance.
 To track local changes, pull and push changes between local and parent
instances, and compare the local instance to other development instances.
 To resolve any collisions and reconcile with the current parent instance.
13. What information does the control panel on the team
dashboard provide?

 Status indicators and Team Development actions.

 Connection status to the parent instance.
 Number of changes on the parent that have not been pulled to the local
instance.
 Number of local changes that are queued for the next push.
 Number of local changes that have not been queued or ignored.

Page 63 of 69
14. How can developers resolve collisions in Team
Development?

 By clicking the collision indicator to open the list and resolve the
collisions.
 By using the Resolve a collision in Team Development feat ure.
15. What does changing the parent instance initiate?

 A complete comparison between the development instance and the new

parent instance.
16. What is recommended before changing the parent
instance?

 Ensure that the new parent instance was cloned recent ly from an
appropriate instance.
 Ensure that the change does not conflict with your change management
process or other development efforts.
17. What is the purpose of comparing peer instances in
Team Development?

 To share code between instances without pushing to a common parent.

 To initiate a full comparison of all changes on the remote instance and the
local instance.
 To selectively commit a version from the remote instance or compare it
with the local version.
18. What does pulling a version retrieve in Team
Development?

 Versions of customized records from the parent instance.

 All versions for changes made by users that have not already been pulled
onto the development instance.
19. What is the process of pushing a version in Team
Development?

 Promotes changes from the development instance to the parent instance.

 This commits the current version of a customized record on the
development instance to the parent instance.
 Creates a local Update Set on the parent marked as complete.
 Tracks pushed changes as local changes on the parent.
20. When should reconciliation occur in Team
Development?

 Automatically, whenever you select a parent instance.

Page 64 of 69
 Manually after an external disruptive event on the parent instance, such as
a clone or failover.
21. What is a collision in Team Development?

 When the pulled version and the current local version are modifications of
a different version, indicating that someone else has modified the same
record.
22. What types of records cannot be merged in Team
Development?

 sys_choice [Choice]
 sys_choice_set [Choice Set]
 sys_ui_form [Form]
 sys_ui_list [List]
 sys_ui_related_list [Related List]
 sys_ui_section [Form Section]
 wf_workflow [Workflow]
 wf_workflow_version [Workflow Version]
23. How should you resolve collisions involving non-
mergeable record types?

 Use the Pulled Version and Use Local Version options on the Team
Development, Resolve Collision page.
24. What are the rules regarding parent and production
instances in Team Development?

 An instance can have multiple peer instances but only one parent instance.
 The parent instance must be on the same release family as the local
instance.
 Do not use a test or production instance as the parent instance.
 Production instances should never have a parent.
25. What happens when you back out a change on a Team
Development instance?

 It backs out the change all the way back down the chain, including
undoing the work on the source instance.
26. How can you set up an instance hierarchy in Team
Development?

 Provision development instances on the same software version as the

target instance.
 Clone the target to the development instances.
 Define the parent instance for each instance.

Page 65 of 69
 Define peer instances for each instance if needed.
 Pull all changes from the parent instance.
27. What roles are involved in the Team Development
process?

 Developers must have admin access to their development instance.

 A remote instance connection must be defined with a user account that has
admin access to the parent instance.
28. What information can code reviewers see in Team
Development?

 Which remote instance the pushed change comes from.

 Who pushed the change to the parent.
 What the change is called.
 When the change was created.
 Which versions the change includes.
29. What actions are restricted while changes are being
reviewed on the parent instance?

 Pushing changes to the parent instance.

 Pulling changes from the parent instance.
 Reconciling changes with the parent instance.
 Changing the parent instance to another instance.
 Deleting the remote instance record for the parent instance.
30. What notifications are sent during the code review
process?

 A notification is sent when a push requires code review.

 A notification is sent when a user cancels a push.
 The user who pushed the changes receives a notification when the
approval stage is set to Complete (approved) or Code Changes Rejected.
31. How can you exclude certain files from change tracking
in Team Development?

 By creating an exclusion policy.

 Exclusion policies prevent changes from generating records in the local
changes list.
32. How does Team Development support a distributed
version control system?

 By allowing multiple ServiceNow instances to act as source repositories or

branches.

Page 66 of 69
 By enabling developers to share code between instances and resolve
collisions throughout the development process.
33. What is the process for pulling changes in Team
Development?

 Pulling retrieves versions of records that have customer updates.

 Pulling retrieves all versions that have not already been pulled onto the
development instance.
 Developers must resolve any collisions before proceeding with further
pulls or pushes.
34. What is the process for pushing changes in Team
Development?

 Pushing adds only the current development version to the parent instance.
 Developers can choose which changes to push to the parent.
 Pushing creates a local Update Set on the parent that is marked as
complete.
35. What does the Team Development process involve?

 Setting up the instance hierarchy.

 Granting developer access rights.
 Managing the movement of development changes from development
instances to test instances.
 Promoting applications to the production instance.
36. How do administrators transfer version records
between instances?

 By moving customizations with Update Sets or the Team Development

application.
 Committing an Update Set adds versions to the local instance.
 Pulling retrieves all versions of customized records that have not already
been pulled.
40. What does the Team Development comparison feature
help developers do?

 Compare the local development instance with other instances.

 Compare between local and parent instances.
 Identify and resolve collisions before promoting changes.
41. What should developers do before promoting changes
to production?

 Test changes in a staging or test environment.

 Ensure all collisions are resolved.

Page 67 of 69
 Review and approve changes as needed.
 Use the application repository or the ServiceNow Store for installation.
42. What are the best practices for managing parallel
development?

 Always Use Team Development to manage changes across multiple

development instances.
 Track local changes & determine which one you have to promote.
 Pull and push changes to and from the parent instance. Make sure of it.
 Always Resolve collisions before proceeding with further development.
43. How can developers queue local changes for
promotion?

 By adding local changes to the Ready to Push list.

 By resolving any collisions that occur during the queuing process.
44. What should developers consider when resolving
collisions?

 Use the Team Development, Resolve Collision page.

 Determine whether to use the pulled version or the local version.
 Consider the impact of each change on the overall development effort.
45. What happens to ignored local changes in Team
Development?

 They remain on the local instance and are not pushed to the parent
instance.
 Developers can change their status to ready for the next push if needed.
46. How does Team Development support collaborative
development?

 By enabling multiple developers to work on the same project across

different instances.
 By providing tools to manage and merge changes.
 By ensuring consistency and preventing conflicts in the development
process.
47. What should developers do if they encounter issues
during the Team Development process?

 Review the local changes, ready to push and ignore lists.

 Resolve any collisions or errors.
 Ensure that all instances are correctly connected and up to date.
48. What are the limitations of Team Development?

Page 68 of 69
 It cannot be used to install applications.
 Some record types cannot be merged, which is a limitation.
 It needs admin access to both local and parent instances as well.
49. How does Team Development handle updates to
customized records?

 It helps in tracking updates in the Update Versions table.

 It helps enable developers to push and pull changes between instances.
 Provides tools to compare and merge different versions.
50. What are the key features of the Team Development
dashboard?

 It provides Centralized management of development activities.

 It makes Tracking and promoting local changes.
 It helps compare instances and resolve collisions.
 It ensures smooth collaboration among development teams.

Page 69 of 69