Access Control

🚧

This covers only Moveworks Classic

For Moveworks Copilot experiences, refer to "Moveworks Copilot - Feature Overview" page.

Overview

Whether it’s a form that automatically provisions a new VM or a knowledge article describing how to terminate an employee, we understand some users are just not meant to see certain resources. That’s why Moveworks has built the Moveworks Access Control Platform.

With the Moveworks Access Control Platform, you can restrict access to forms and knowledge based on the user. With Access Control, employees will not be able to view articles or forms that are not meant for them, even with an exact title match. This allows organizations to create tailored experiences for employees.

How to get started

The are two options to get started with making Access Control a part of your search experience.

  1. Moveworks Managed Permissions
  2. Platform Permissions Integration (for ServiceNow only)

Example Use Cases

VM Provisioning

In this scenario, a Developer may be entitled to request a VM, but someone from Marketing is not.

Restrict access to regional benefits

Benefit policies frequently vary between states, countries, or regions. Using access control, you can ensure that employees only have access to view the policies that are relevant to them.

Available by region

Available by region

Host technical knowledge

For technical issues, you may want to provide IT or Engineering teams answers that are more technical. In the scenario below, Alexa is an agent, and receives a much more technical article, whereas Lewis, a lawyer, receives simple non-technical steps.

Available only to IT users

Available only to IT users

Offer regionally available hardware

It's common that hardware catalogs vary across region, role, or other attributes. In the scenario below, Chelsea, from Hong Kong, receives different options for Hardware compared to Christine from Los Angeles.

Available by region

Available by region

FAQ

Q: I’ve deployed platform permissions. How do I enable these restricted forms for in-bot form filling?

A:The bot must be able to pass the user criteria of each form the bot wants to serve up. Typically this requires the creation of a new user criteria rule or adding the bot as an exception to all rules.

Q: How does access control work for the Channel Resolver skill?

A:Moveworks will still apply access control rules to the search process, making sure users are only sent information they already have access to in DM. However, by default, Moveworks will post the knowledge back to the public thread from where the utterance originated.

If you would like to disable the channel share. You can ask your customer success team to disable the post back.

Q: Is Access Control checked in real-time?

A:No. Access control data is ingested every 24 hours. Your rules will be enforced through the bot within 24 hours. Due to ingestion scheduling, creation of new forms or knowledge, or deviations from the “Expected Results Validation,” data may be as stale as 48 hours. Therefore, Moveworks SLA for access control freshness is 48 hours.

Q: How do I install an update set from Moveworks?

A:To install an Update Set Module, you can follow the 3 steps below.

  • Download the Update Set Modules that our CS team will send to you.
  • Import these under “Retrieved Update Sets” in your ServiceNow instance.
  • Commit the changes and the app will show up in “My Company Applications.” Make sure to commit the “base” update set first

Q: Is Moveworks’ System identical to my ServiceNow Environment?

A:The following permission control structures are in scope for our permission system:

  • Moveworks enforces User Criteria (Not Available For + Available For), Roles, & User Entitlements on Knowledge Articles, Knowledge Bases, and Catalog Items.
  • Moveworks does NOT enforce
    • User Criteria for Catalog Categories - This is because users can still see a form in a restricted category if given the direct link, or if searching for the form.
    • Admin “override” privileges like knowledge_admin or catalog_admin roles.
    • Entitlement Scripts for Forms - this is a legacy permission system which does not expose details about which users satisfy an entitlement script

Q: Does Moveworks support integrating Access Control with Sharepoint or Confluence?

A:Moveworks can support replicating your Sharepoint permissions using Moveworks Managed Permissions. This is recommend to be used to allow certain users to see certain sites, but it is not recommended to replicate permissions on a page-based level.