Secure ServiceNow integrations, permissions & KB widgets with Obsidian Security

Misconfigured ServiceNow Knowledge Bases and public widgets expose sensitive data

ServiceNow contains complex customizations, granular permissions, and broad integrations, making it a significant challenge to secure. 

Obsidian secures your ServiceNow environment by identifying every threat and posture gap.

  • 81% of organizations have sensitive SaaS data exposed (Obsidian Network Data)
  • 12% of breaches are caused by cloud misconfigurations (IBM Data)
  • 80% of SaaS accounts have excessive privileges (Obsidian Network Data)

ServiceNow’s access control and integration complexity creates posture gaps

Manually reviewing ticketing, communications, reporting, third-party apps, custom integrations, and external data leaves serious risks undetected.

  • Weak controls let low-privileged users access sensitive data from unauthorized tables 
  • Shadow public tables without defined access controls can allow unauthorized access 
  • Misconfigured Knowledge Base widgets allow unauthorized access to sensitive content (e.g., employee comp plans accidentally shown in a Company Benefits knowledge base article)

Figure: Obsidian UI highlighting high-impact ServiceNow security issues such as highly privileged accounts and publicly accessible reports across staging and production.

Figure: Table of ServiceNow-specific security rules in Obsidian showing high-risk issues like shadow public tables, exposed widgets, and sensitive data in unauthorized roles.

Audit and monitor every access point across ServiceNow

  • Identify widgets that bypass allowlist system properties, unintentionally exposing data to the public
  • Revoke dormant accounts and unnecessary access permissions
  • Audit access controls for ServiceNow assigned roles, groups, and ACLs across Dev, Staging, and Production
  • Enforce Read and Cannot Read user and guest criteria at the article level
