all right let's get it started thank you all for joining our platform privacy Academy session uh today is really excited about talking a little bit more around the access analyzer that's uh the topic that most of our customer and and uh Partners really wanted to hear from us finally we are here uh once again thank you all for joining the topic that we are going to cover today is really around service now access analyzer particularly around what we have done in the past about some of the advanced feature and functional and how it's evolving in the future releases as well next SL sanut so my name is fim I'm one of the uh product manager in platform privacy and security team I've been with service now for almost five years I covered the Fe different from product areas like conversational interface in the past like virtual agent live agent and nlu uh as well as currently covering some of the platform security uh related products as well uh with me today uh sji t uh met who joined um as a guest speaker Sanita would you like to give a little quick intro to the audience as well yes uh hey everyone I am San I am the product manager for identity team we are under the platform security uh super excited to be presenting access analyzer we know this is a tool that's been spoken a lot by our customers so thank you all for joining and I'm looking forward to an engaging session thank you s awesome so before uh next slide please uh before we go any further I'm very excited to announce that this is the 13th sessions that we have covered so far under the service now platform privacy and security so if you really wanted to learn about some other other uh security and privacy related product offerings that we hosted in the past please feel free to subscribe to our channel so you either scan the code which is on the screen or you just literally just type uh service now community or service now platform privacy and security or service now Vault uh to uh YouTube uh YouTube and then you literally just kind of will be directed to our um community of uh our Channel as well so feel free to subscribe and become a member and ask a lot of questions there as well the finally so Safe Harbor notice as service now as publicly Trading Company so we are having some sort of forward-looking statement so we might talk about some of the things which is uh would be in our upcoming releases or on the road map so if you are looking for any of our product offerings or decide to purchase or make any final um uh purchasing decision please uh feel free to take a look at what's available in the store today so the agenda that we're going to cover today we're going to we have a little packed agenda as well as this is the first uh the session that we are covering for Access analyzer so we're going to have a overview of the access an analyzer and then we're going to have three different demos around three different key uh capabilities and features that we uh launched in in in our past releases and then uh s might shed some lights around what's coming our upcoming releases like Zen or beon and then we're going to go over some of our customer engagement channels and then uh uh we're happy to address some of your questions as well so uh with me today my another awesome colleague Andrew Balo he's already are typing in the zoom chat window as well if you have any questions feel free to uh ask on the zoom chat and my colleague uh Andrew will uh address and answer those as well so with that sanj you time gonna give it back to you and then just feel free to kick it off yep uh so thank you forut and hello everyone again uh today we'll be talking about access analyzer tool so what is access analyzer access analyzer is a service now Store app that helps admin evaluate permission for a selected user role or a group on a particular resource like a table or a UI page it was first introduced in Vancouver release where we introduced evaluate access for a single user on a resource this was introduced to cater to customer admin's need of understanding at a granular level what provided or blocked access to a user role or a group the version two of access ACC analyzer this was released in Washington release and this deals with access comparison that is compare user records and compare user access com access comparision allows admin to compare the roles groups and also the access on a particular resource for two users this also caters to the need of customer admin when admin finds some access issue with the user he usually compares the problematic user with his peers uh this covers the overview of what access analyzer is uh please note before I move forward please note that this access analyzer tool is currently only accessible to admin personas um moving on let's talk about evaluate access that is the first feature of access analizer that we introduced in evaluate access admin can evaluate permission for a selected user role or a group the input here is the identity like a user role or a group along with the resource where we want to find the access like a table incident table or a UI page but how exactly does this work this works by access analyzer taking the input of the user like I said and impersonating as the user to find out what is the access on the of the user on the selected resource the result of this uh access analyzer is a visual representation of why user can or cannot access a resource even at an ACL level just like you can see in this image here in short evaluate access gives customer an ability to quickly troubleshoot access issue for a user on a selected resource now let's look at this uh with uh with a use case the the use case here is I want to understand what is the permission of able tutor on an in on a table analytics task table so um forut can can you confirm if you can if you can see my um tool yes yes I can okay so uh this this is the homepage of um of access analyzer I've already installed this tool on my instance and this is how the home screen looks like we have evaluate Access compare user records and compare user access these two features we'll be talking uh talking in the future slide let's concentrate on evaluate access where I can evaluate permission for a selected user r or a group I said my use case was to understand why able tutor my user what kind of access does able tutor have on analytics task table so I select my task table analytics task table I can also select record and field but for this example let's go ahead with selecting the table and clicking on evaluate access this is how the result looks like we have list of all the operation that can be performed on this table and what is the overall AIS of these different operation so here in the example I can see that this user has right operation on analytics uh analytics task table but does not have delete does not have create operation so if I want to understand why he does not have create operation I can click on the operation itself clicking on the operation I get that there is an a Access Control analytics tab task which is blocked why is that blocked that is blocked at the role level and the required role for this ACL to pass was analytics task admin T task admin which this user does not have access to this is how I understand why this user able tutor does not have create opt cannot create uh cannot create uh any new records on analytics task table this was about analytics this was about evaluate access where we understood why a user cannot perform certain operation like create on a selected table or resource moving on to compare user record in compare user record we let the admin can compare the static attributes of two users like user attributes roles or group here the input is two users and the result is a visual representation of how the user details roles and groups of these two users differ now let's look at the demo for compare user record and the use case here is I want to understand how the user details and role and group membership of two users able tutor and alien motor differ or are similar so let's uh go to my tool so I click on compare user record and select the two users I said able tutor and alien and I want to see how their at static attributes defer I click on compare user record so here the result has three tabs details where I can see the comparative view of details of these two users I can also filter on here by selecting a particular uh particular user attribute like location or department and I apply and I can see how these two users Department defer so they they have they belong to the same Department that is customer support but their locations are a little different um I can see in the second tab I I can see that how the roles of these two users differ so uh here I can see that one of the user has analytics workspace user role whereas the other does not have access to this role uh here as well I can filter on and search for a particular role like the m and if I want to see how the roles defer I can see that I can also there there's also an option to see only the difference between the roles of these two user by clicking on this and unclicking on this and checking this check box uh that's about role and the third type is how the group membership of these two users defer so I can see one of the user has access to analytic setting manager whereas the other does not have access to this uh this is about comparing the static attributes of these two users um I will take a little pause here before I move on so you guys if you guys have any questions we can add that you can add them in the chat and we we we'll be we'll try to answer so I'll take a small pause moving on to compare user access um that's that the compare user access was uh introduced in Washington as well what is compare user access in compare user access admin can compare the user's access on a particular table or record or feed the input here is uh two users along with the table where we want to find the difference for these two users but how does this work similar to evaluate access here as well we impersonate as these two users and try to find out what is the access of these two users on a selected table the result as you can see on the right side of this right side we have an image uh we can see the visual representation of how access to a table specifically you can search for a field or a field on the table uh defer for these two users uh in short comparison gives customer uh ability to quickly troubleshoot access issues by comparing the problematic user with his peers and finding out where the axis is broken and how it can be fixed so we can we can take a look at the demo for compare user access as well uh here uh there is a t there is a case where these two users a able and alen have similar job duties but their access on incident table is different now let's understand how we can quickly understand why that access on incident table is different with the help of our tool so let me search for compare user access I said there are two users able tutor and alien Morin they belong to customer support department but their uh access on incident table is different let me search for the table and click on compare user access so comp compare user access gives you a rep this this is how the result look like where I can see the different operation that can be performed on incident read write create delete and and all the other operation and I see they have similar access across read write and create but when it comes to delete on incident table they have different access why is that let's click on the delete operation to understand when I click on delete operation I understand there is an ACL defined for this delete operation which is passed for alien but it was blocked for able tutor to understand why exactly let me click on the ACL so this is the ACL and the ACL has four attributes roles security attribute condition and script and we see at the role level it was blocked for able tutor but alien was able to pass at pass at the role and security attribute level uh to understand what role gave access to alien Morton we what's the required role for this ACL we I clicked on a required role and there's one required role itle admin which needs to be uh given access to if the user wants to perform uh wants to perform delete operation on this table this there's this interesting um interesting feature where I can understand how user got access to this role by clicking on show rooll hierarchy so here you can see that this is my user alien who has access to itel admin role and how did she get access to itle admin that's through the member of membership of it admin group this is how alien moton got access to and whereas our able tutor user does not have this necessary role so on comparing these users I understand they belong to the same Department that is customer support but one user does not that is able tutor does not have itle admin if he needs access to delete he needs access to itel admin role but how will how should he get access to itle admin uh role he should get access to it admin role via it admin group because when compared with alen alen got it in this way this is what we understand with by comparing these two users so all in all um yeah so so uh admin could quickly troubleshoot why these two users complain of different taxes on incident table because they have different group membership this this uh this covers the compare user access demo uh moving on to the next slide where where uh I where uh so so this this takes us to the end of my presentation and my demo uh where we saw access analyzer um we saw how quickly customer admin can be self- served and have more agency over their roles and users and their access on the service now platform we saw three uh use cases of access analyzer along with three uh three uh re three um features that is evaluate Access compare user record and compare user access with the help of use case and demo but that's not all for Access analyzer we are also building something called as access simulator uh what is access simulator it helps admin to simulate and understand how access to a specific table would change once a role or a group is assigned or removed from the user admin can use access simulator before actually making changes to the group or role membership of the user uh please note that this feature is not live yet um and and we we are we are in the process of uh developing this uh feature so yeah that brings me to the end of my presentation over to you forgot awesome San thank you so much that's uh that's a lot of features uh you know just uh I personally learned a lot around access analyzer as well so uh if you all have any other questions around access analyzer please feel free to type on the zoom chat and we're happy to address those um uh while the team uh is asking a few questions and just want to let you know that uh we are here talking about the access analyzer as part of our July's agenda in August we're going to be talking about uh June agenda my sorry and then July we're going to be talking about the access control which is one of the on demand uh topic that a lot of customer really wanted to learn around our access control and in August we're going to be talking a little bit more about uh platform encryption with other uh use cases as well so what's available here for us to provide to you all uh just we have few different uh just documentation and a messaging website that you feel free to either subscribe or just directly open by scanning the QR code here uh first I just uh talked about earlier before this presentation uh please feel free to become uh a member to our Channel or subscribe to our Channel by scanning the QR code uh you will hear and and learn a lot of information about our not only just security product offerings but also from uh various products that we provide here at service now as well and we have a documentation site either it's a product product documentation related where you can see a little bit learn a little bit more about the products and then some of the details and and instruction and implementation guide uh but also you can learn a little bit more about the blog post and articles and some other uh documents through our our servet community or service.com as well and uh uh we have a platform privacy and security community site so we can scan the QR code there as well where you can see all the different new articles and some of the block po post and we literally can tell you some of our uh new product Futures and offerings and what's coming in our upcoming releases as well so I'm just going to pause here to give uh you all a little bit time to ask a few questions uh if you have any questions feel free to put on the zoom chat so one one question that I see here is San is there a Best practice or approach to using analyzer in terms of troubleshooting steps like I said we can start with evaluating evaluate access where we can understand at what level the uh the access is broken so if there's a user able tutor uh we can go ahead with entering the able tutor uh we can go ahead with evaluating access for that user and then to understand how exactly he should get access to it we can go ahead with comparing that user with his peers so that will give us the answer of how he should get access to a certain operation on a table so that's that's how we can do that thank you the second question is like how does access analyzer evaluate access like what's what is the mechanism for Gathering the results so um like I said uh we we the the input that is a user is taken and we impersonate the access analyzer tool impersonates as that user and uh goes and verifies what kind of access does this user have on a table once it once they impersonate so there's impersonation which helps us understand what access this user actually has on on the selected table so yeah that's the mechanism yeah good answer and the last question that I see here is are there uh use cases for Access analyzer for developer and uh could developers use it for testing Access Control implementation for apps right definitely they can this is also one of our use case but to have access to uh service now access analyzer the user needs to have admin role we are also exploring on how we can bring in other roles here but yeah having said that right now only admins can perform uh can use access analyzer tool but but in other prod nonpr environment where developers also have admin access we can we can have uh many developers use this tool to just give just to troubleshoot uh access on nonpr environment thank you yeah that's the that's the questions I have so far so if you guys have any other questions feel free to ask um just GNA wait one more minute and then we will wrap it up thank you San I really appreciate it for uh for preparing this presentation and giving extensive overview of what access analyzer really is and once again like just this is the first session that we have for Access analyzer and there's there's a lot to cover in this session and hopefully we're going to have one more session uh towards upcoming releases to highlight some of the key features and functionality around access analyzer as well all right I do not see any other questions coming and thank you so much Andrew for staying behind the scene and and answer something questions through the zoom chat as well thank you I really appreciated for your help with that we're going to conclude today's session around access analyzer and thank you all for joining this session and until next month stay tuned bye-bye thank you Sanita thank you thank you everyone