Table ACL vs Field ACL
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
yesterday
In this case, will everyone be able to access the field because the table ACL is open to all users, or will only admin users be able to access the field due to the field ACL restriction?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
yesterday - last edited yesterday
@Lisa71 , If there's already an ACL defined for a specific field in your form for certain roles, then only those users with the roles would most likely be able to read/write that field. Even though the entire table might be accessible to all users , the column level ACL would still override access to that specific field.
How to verify quickly
- Impersonate a non-admin user.
- Navigate to the record and observe the field (it should be hidden or inaccessible).
- Use System Security → Debug Security Rules while loading the record to see exactly which ACL passes/fails.
If my response has helped you, mark it as helpful and accept the solution.
Regards,
Nayan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
59m ago
Thank you. If there's "tablename.*" acl (*means all fields) allows everyone to access all the fields, plus the table ACL to allow everyone, and field acl to allow only admin to access field A, will the field A be accessible to everyone or only admin?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10m ago - last edited 8m ago
It will be only accessible to the admins.
ServiceNow’s ACL evaluation for a field operation (read/write/create) works like this:
- Field ACLs are evaluated first (most specific).
- Table ACLs are evaluated after (less specific).
- When a field ACL exists for that field + operation, the user must pass:
- At least one matching field ACL for that field/operation, and
- At least one matching table ACL for that table/operation.
So, in your scenario:
- tablename.* ACL (all fields) → allows everyone
- tablename table ACL → allows everyone
- tablename.fieldA field ACL → allows only admin for admin, not for everyone else
A non-admin user fails the field-level requirement (they don’t meet the field ACL), even though they pass the table and tablename.* ACLs. Therefore, field A is only accessible to admin.
If my response has helped you, kindly mark it as helpful and accept the solution.
Regards,
Nayan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
yesterday
ServiceNow checks ACLs in this order:
Table ACL (record-level access)
Field ACL (column-level access)
Access is granted only if all applicable ACLs pass.
If any ACL fails, access is denied.
Your Scenario:
Only admin users can access that field
Even though the table is open, the field ACL restricts access further, and the restriction wins.
