Hi @RahulY00040 ,

As per my understanding , below are the key points .

1. ACLs and IRE:
* ACLs (including READ ACLs) are not honored by IRE calls.
* IRE runs as part of system processes (like Discovery, IntegrationHub, Import Sets, etc.), and these execute with system-level privileges (often as the system user), bypassing ACLs for performance and functionality.

2. What is honored by IRE?
* Query Business Rules (Before Query) are triggered when a query is made from the UI or scripts where ACLs are enforced.
* However, IRE bypasses ACLs and Before Query BRs do not affect it either.
* Data Policies, Data Integrity Rules, and Reconciliation Rules are respected to an extent, depending on the context.

Recommended Approach as per my understanding.

If your goal is to limit access to CMDB data:
* Rely on ACLs to restrict user-level access through UI/API.
* Use security_admin role to manage and audit ACL rules.
If you want to ensure certain CMDB attributes are not overwritten or changed during IRE execution:
* Use Reconciliation Rules (Data Source Precedence Rules) to control what fields are updated by specific sources.
* This is the ServiceNow recommended approach for controlling data integrity during IRE operations.

Please appreciate the efforts of community contributors by marking appropriate response as Mark my Answer Helpful or Accept Solution this may help other community users to follow correct solution in future.
 

Thank You
AJ - TechTrek with AJ - ITOM Trainer
LinkedIn:- https://www.linkedin.com/in/ajay-kumar-66a91385/
YouTube:- https://www.youtube.com/@learnitomwithaj
Topmate:- https://topmate.io/aj_techtrekwithaj (Connect for 1-1 Session)
ServiceNow Community MVP 2025