Functional Testing

Simple Data Separation is an additive data segregation tool in ServiceNow - it provides an additional layer of protection to Access Controls, Domain Separation, and any other security mechanisms you may have in place. The use of multiple security methods can make it difficult to understand which mechanism hinders access for a particular user to a particular record.

There are 2 easy ways to understand if Simple Data Separation is keeping your user from gaining access to a record:

1. Deactivate the rule (best for sub-prod environments)

   1. Deactivate the Separation Rule in a sub-production environment

   2. Impersonate the user in question

   3. Attempt to access the record in question

   4. If the user has access now (but did not when the Separation Rule was active), then Simple Data Separation is blocking access. If not, then some other mechanism is blocking access.

2. Enable Simple Access Requests (best for production environments)

   1. On the Separation Rule, enable Simple Access Requests

   2. Impersonate the user in question

   3. Attempt to directly access the record in question via a direct link (typically inclusive of 'sys_id=[record_sys_id]' in the URL)

   4. If the Simple Access Request banner appears (see below), then Simple Data Separation is blocking access. If the banner does not appear, then some other mechanism is blocking access.

If the Separation Rule is blocking access undesirably, you can adjust configuration of the Separation Rule to understand (via process of elimination) which component is blocking access. Once this is understood, Separation Rule configuration can be updated to accommodate the needed access.

Contact Yansa Labs at yansalabs.com/support if additional troubleshooting help is needed.