All fields should be read only except one or two fields.

Go to solution
Supriya Mane
Tera Contributor

ā€Ž08-04-2022 12:18 AM

I have to make all fields read only for agent and admin only for alm_asset table. expect one field with write access.

0 Helpfuls
  • 2,881 Views
2 ACCEPTED SOLUTIONS

Go to solution
Mark Roethof
Tera Patron
Tera Patron

ā€Ž08-07-2022 09:32 AM

Hi there,

Any follow-up needed? Or was my answer sufficient?
Let me know.

If your question is solved, please close the topic by marking my answer as correct. This will help others searching for a similar question and will remove the topic from the unsolved list.

Kind regards,
Mark
2020-2022 ServiceNow Community MVP
2020-2022 ServiceNow Developer MVP

---

LinkedIn
Community article, blog, video list

 

Kind regards,

 

Mark Roethof

Independent ServiceNow Consultant

10x ServiceNow MVP

---

 

~444 Articles, Blogs, Videos, Podcasts, Share projects - Experiences from the field

LinkedIn

View solution in original post

0 Helpfuls

Go to solution
Jatin Ponnaluri
ServiceNow Employee
ServiceNow Employee

ā€Ž03-19-2023 12:48 PM

Hi @Supriya Mane ,

 

  1. Row-level ACLs are combined with the logical OR
  2. Field-level ACLs are combined with the logical OR
  3. The results of 1 &2 will be combined with the logical AND

    You might require 2, or 3 ACLs in a few cases, 
    i.  A field level tablename.* write operation ACL with requires role "nobody".  Which means nobody can edit all the fields.
    ii. A field level table.yourField write operation ACL with require roles "agent", "admin".  Which means only the desired roles can edit the field mentioned. 

    Now opening any of the above created ACL,  click Show ACL Execution Plan and check if any pre-existing row level ACL is present which might disrupt our scenario, if yes, ( In my case I had one default ACL which required admin role to pass) .. then, you might need another ACL as mentioned below.
    iii. create a row level  write operation ACL with require roles "agent", "admin". Which means users with roles agent or admin can write. 

    It evaluates to iii && (i || ii).

    If it helps please click Accept as Solution/hit the Thumb Icon.
    Thanks,
    Jatin

View solution in original post

0 Helpfuls
12 REPLIES 12

Go to solution
Mark Roethof
Tera Patron
Tera Patron

ā€Ž08-07-2022 09:32 AM

Hi there,

Any follow-up needed? Or was my answer sufficient?
Let me know.

If your question is solved, please close the topic by marking my answer as correct. This will help others searching for a similar question and will remove the topic from the unsolved list.

Kind regards,
Mark
2020-2022 ServiceNow Community MVP
2020-2022 ServiceNow Developer MVP

---

LinkedIn
Community article, blog, video list

 

Kind regards,

 

Mark Roethof

Independent ServiceNow Consultant

10x ServiceNow MVP

---

 

~444 Articles, Blogs, Videos, Podcasts, Share projects - Experiences from the field

LinkedIn

0 Helpfuls

Go to solution
Pavankumar_1
Mega Patron

ā€Ž09-06-2022 01:47 AM

Hi @Supriya Mane  ,

Please close the thread by marking it as correct it has created long back and then it will be benefit for the other users.

Mark āœ… Correct if applicable, Thanks!! 

 

Regards

Pavankumar

If it helps please click Accept as Solution/hit the Thumb Icon.
ServiceNow Community MVP 2024.
Thanks,
Pavankumar
0 Helpfuls

Go to solution
Jatin Ponnaluri
ServiceNow Employee
ServiceNow Employee

ā€Ž03-19-2023 12:48 PM

Hi @Supriya Mane ,

 

  1. Row-level ACLs are combined with the logical OR
  2. Field-level ACLs are combined with the logical OR
  3. The results of 1 &2 will be combined with the logical AND

    You might require 2, or 3 ACLs in a few cases, 
    i.  A field level tablename.* write operation ACL with requires role "nobody".  Which means nobody can edit all the fields.
    ii. A field level table.yourField write operation ACL with require roles "agent", "admin".  Which means only the desired roles can edit the field mentioned. 

    Now opening any of the above created ACL,  click Show ACL Execution Plan and check if any pre-existing row level ACL is present which might disrupt our scenario, if yes, ( In my case I had one default ACL which required admin role to pass) .. then, you might need another ACL as mentioned below.
    iii. create a row level  write operation ACL with require roles "agent", "admin". Which means users with roles agent or admin can write. 

    It evaluates to iii && (i || ii).

    If it helps please click Accept as Solution/hit the Thumb Icon.
    Thanks,
    Jatin
0 Helpfuls