Do read, write, and report_view follow the same logic?

Go to solution
Lisa71
Tera Contributor

yesterday

For ACL types like read, write, and report_view, do they all follow the same logic?
Specifically, if a table does not have any report_view ACL defined, then does that mean everyone can view the table’s data through reports by default?
And once any report_view ACL is created (for example, allowing only the admin role), does that mean users who are not included in that report_view ACL will no longer be able to access the table’s data through reports?
0 Helpfuls
  • 94 Views
1 ACCEPTED SOLUTION

Go to solution
pavani_paluri
Tera Guru

5 hours ago

Hi @Lisa71 ,

 

Yes, your understanding is correct.

 

ACL Types
Read ACL → Controls whether a user can *see* records in a table (e.g., open a list or form).
Write ACL → Controls whether a user can *update* records in a table.
Report_view ACL → Controls whether a user can *see data from that table inside reports* (like charts, dashboards, analytics).
All ACLs follow the same logic?
Yes — all ACL types follow the same basic principle:
If no ACL of that type exists → access is allowed by default.
If any ACL of that type exists → the system enforces it, and only users who meet the ACL conditions can access.

No report_view ACL defined:
Everyone who has general access to the table (via read ACLs or roles) can see its data in reports.
In other words, reporting is open by default. Ifnone report_view ACL defined, then the system now enforces report_view rules.
Example: If you create a report_view ACL that only allows the `admin` role, then only admins can see that table’s data in reports.
All other users, even if they can read the table normally, will not see its data in reports unless they’re explicitly included in a report_view ACL.

 

Mark it helpful if this helps you to understand. Accept solution if this give you the answer you're looking for
Kind Regards,
Pavani P

View solution in original post

0 Helpfuls
5 REPLIES 5

Go to solution
nayanmule
Kilo Sage

yesterday

@Lisa71  , Yes you are right .

If there are no report_view ACL's present for your table by default all the users who have access to your table will be able to view the data through reports.

So, reporting is open unless it's restricted.

 

Once you create any ACL for the report view, Servicenow will enforce report_view ACL rules only.

 

If my response has helped you , mark it as helpful and accept the solution.

Regards,

Nayan

0 Helpfuls

Go to solution
Tejas Adhalrao
Tera Guru

yesterday

Hi @Lisa71  ,

 
If no report_view ACL exists, then anyone with read access to the table can view its data in reports by default.
Once you create a report_view ACL, ServiceNow starts enforcing it.
This means only the users or roles listed in that ACL can see the table’s data in reports.
Anyone not included in that ACL will lose report access, even if they still have read access to the table.
In short, adding a report_view ACL makes report visibility more restrictive.

 

 

 If you found my solution helpful, please mark it as Helpful or Accepted Solution...!

thanks,

tejas

Email: adhalraotejas1018@gmail.com

LinkedIn: https://www.linkedin.com/in/tejas1018

 

0 Helpfuls

Go to solution
Tejas Adhalrao
Tera Guru

yesterday

Hi @Lisa71  ,

 

  • By default, if a table does not have any report_view ACL, anyone who can read the table can also see its data in reports.

    • Example: If a user can view incidents, they can also create or see reports on incidents.

  • Once you create a report_view ACL, ServiceNow will enforce it.

    • Only the users or roles specified in that ACL can see the data in reports.

    • Users not included in the ACL cannot see the table’s data in reports, even if they can read the table normally.

 

  • No report_view ACL → anyone who can read the table can see reports.

  • Add a report_view ACL → only specified roles/users(with report_view acl) can see reports.

 

 

 

 If you found my solution helpful, please mark it as Helpful or Accepted Solution...!

thanks,

tejas

Email: adhalraotejas1018@gmail.com

LinkedIn: https://www.linkedin.com/in/tejas1018

 

 

 

0 Helpfuls

Go to solution
pavani_paluri
Tera Guru

5 hours ago

Hi @Lisa71 ,

 

Yes, your understanding is correct.

 

ACL Types
Read ACL → Controls whether a user can *see* records in a table (e.g., open a list or form).
Write ACL → Controls whether a user can *update* records in a table.
Report_view ACL → Controls whether a user can *see data from that table inside reports* (like charts, dashboards, analytics).
All ACLs follow the same logic?
Yes — all ACL types follow the same basic principle:
If no ACL of that type exists → access is allowed by default.
If any ACL of that type exists → the system enforces it, and only users who meet the ACL conditions can access.

No report_view ACL defined:
Everyone who has general access to the table (via read ACLs or roles) can see its data in reports.
In other words, reporting is open by default. Ifnone report_view ACL defined, then the system now enforces report_view rules.
Example: If you create a report_view ACL that only allows the `admin` role, then only admins can see that table’s data in reports.
All other users, even if they can read the table normally, will not see its data in reports unless they’re explicitly included in a report_view ACL.

 

Mark it helpful if this helps you to understand. Accept solution if this give you the answer you're looking for
Kind Regards,
Pavani P
0 Helpfuls