From ba773f3b904026cf7a63757bef65e713c5a4a9ef Mon Sep 17 00:00:00 2001
From: Lucifer <108731648+shivamvish160@users.noreply.github.com>
Date: Sat, 18 Oct 2025 20:44:04 +0530
Subject: [PATCH 1/3] Create README.md
---
.../ACL Audit Utility/README.md | 25 +++++++++++++++++++
1 file changed, 25 insertions(+)
create mode 100644 Server-Side Components/Scheduled Jobs/ACL Audit Utility/README.md
diff --git a/Server-Side Components/Scheduled Jobs/ACL Audit Utility/README.md b/Server-Side Components/Scheduled Jobs/ACL Audit Utility/README.md
new file mode 100644
index 0000000000..9c7d1ae67a
--- /dev/null
+++ b/Server-Side Components/Scheduled Jobs/ACL Audit Utility/README.md
@@ -0,0 +1,25 @@
+# ACL Audit Utility for ServiceNow
+
+## Overview
+
+This script audits Access Control Lists (ACLs) in your ServiceNow instance to identify potential security misconfigurations. It helps ensure that ACLs are properly configured and do not unintentionally expose sensitive data.
+
+## Features
+
+- Detects **inactive ACLs**
+- Flags ACLs with **no condition or script**
+- Warns about **public read access** (ACLs with no roles assigned)
+- Logs findings using `gs.info()` and `gs.warning()` for visibility
+
+## Usage
+
+1. Navigate to **System Definition > Script Includes** in your ServiceNow instance.
+2. Create a new Script Include named `ACL_Audit_Utility`.
+3. Paste the contents of `ACL_Audit_Utility.js` into the script field.
+4. Ensure the script is set to **Active** and **Accessible from all application scopes**.
+5. Run the script manually or schedule it using a **Scheduled Job**.
+
+## Notes
+
+- This script does not make any changes to ACLs; it only audits and logs findings.
+- You can extend the script to send email notifications or create audit records in a custom table.
From 633b154006456733805c454ebc9b2403c2994e3d Mon Sep 17 00:00:00 2001
From: Lucifer <108731648+shivamvish160@users.noreply.github.com>
Date: Sat, 18 Oct 2025 20:44:31 +0530
Subject: [PATCH 2/3] Create code.js
---
.../Scheduled Jobs/ACL Audit Utility/code.js | 31 +++++++++++++++++++
1 file changed, 31 insertions(+)
create mode 100644 Server-Side Components/Scheduled Jobs/ACL Audit Utility/code.js
diff --git a/Server-Side Components/Scheduled Jobs/ACL Audit Utility/code.js b/Server-Side Components/Scheduled Jobs/ACL Audit Utility/code.js
new file mode 100644
index 0000000000..02e60b78e1
--- /dev/null
+++ b/Server-Side Components/Scheduled Jobs/ACL Audit Utility/code.js
@@ -0,0 +1,31 @@
+
+ // Description: Audits ACLs for potential misconfigurations and logs findings.
+
+ var grACL = new GlideRecord('sys_security_acl');
+ grACL.query();
+
+ while (grACL.next()) {
+ var aclName = grACL.name.toString();
+ var type = grACL.type.toString();
+ var operation = grACL.operation.toString();
+ var active = grACL.active;
+
+ // Check for ACLs that are inactive
+ if (!active) {
+ gs.info('[ACL Audit] Inactive ACL found: ' + aclName + ' | Operation: ' + operation);
+ continue;
+ }
+
+ // Check for ACLs with no condition or script
+ var hasCondition = grACL.condition && grACL.condition.toString().trim() !== '';
+ var hasScript = grACL.script && grACL.script.toString().trim() !== '';
+
+ if (!hasCondition && !hasScript) {
+ gs.warning('[ACL Audit] ACL with no condition or script: ' + aclName + ' | Operation: ' + operation);
+ }
+
+ // Check for ACLs granting 'read' access to 'public'
+ if (operation === 'read' && grACL.roles.toString() === '') {
+ gs.warning('[ACL Audit] Public read access detected: ' + aclName);
+ }
+ }
From 926283d44f11fcd6aade60c80f47bd1b333901c0 Mon Sep 17 00:00:00 2001
From: Lucifer <108731648+shivamvish160@users.noreply.github.com>
Date: Sat, 18 Oct 2025 20:48:00 +0530
Subject: [PATCH 3/3] Update README.md
---
.../Scheduled Jobs/ACL Audit Utility/README.md | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
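Review bot: In `code.js`, the last check reports "Public read access" for any read ACL whose `roles` value is empty, without consulting the `hasCondition`/`hasScript` flags computed just above it, so an ACL that is restricted only by a condition or script is reported as public and the genuinely open ACLs are buried in noise. I would gate the warning on all three, e.g. `if (operation === 'read' && !hasCondition && !hasScript && grACL.roles.toString() === '')`, and word the message as "read ACL with no role, condition or script", since an empty role list does not by itself mean unauthenticated access. It is also worth confirming that `roles` is actually a column on `sys_security_acl`: role requirements are normally held in the `sys_security_acl_role` relationship table, and if the element is missing the `.toString()` call would presumably fail on the first active read ACL and end the audit early with no summary. Likewise, the GlideSystem warning-level method I know of is `gs.warn()`, so please verify that `gs.warning()` exists on the target release before relying on these log lines. The local `type` is assigned but never used.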
diff --git a/Server-Side Components/Scheduled Jobs/ACL Audit Utility/README.md b/Server-Side Components/Scheduled Jobs/ACL Audit Utility/README.md index 9c7d1ae67a..04abb187a4 100644 --- a/Server-Side Components/Scheduled Jobs/ACL Audit Utility/README.md +++ b/Server-Side Components/Scheduled Jobs/ACL Audit Utility/README.md @@ -13,11 +13,10 @@ This script audits Access Control Lists (ACLs) in your ServiceNow instance to id ## Usage -1. Navigate to **System Definition > Script Includes** in your ServiceNow instance. +1. Navigate to **System Definition >Scheduled jobs** in your ServiceNow instance. 2. Create a new Script Include named `ACL_Audit_Utility`. -3. Paste the contents of `ACL_Audit_Utility.js` into the script field. -4. Ensure the script is set to **Active** and **Accessible from all application scopes**. -5. Run the script manually or schedule it using a **Scheduled Job**. +3. Paste the contents of `code.js` into the script field. + ## Notes