All fields should be read only except one or two fields.

Supriya Mane
Tera Contributor

I have to make all fields read only for agent and admin only for alm_asset table. expect one field with write access.

2 ACCEPTED SOLUTIONS

Mark Roethof
Tera Patron
Tera Patron

Hi there,

Any follow-up needed? Or was my answer sufficient?
Let me know.

If your question is solved, please close the topic by marking my answer as correct. This will help others searching for a similar question and will remove the topic from the unsolved list.

Kind regards,
Mark
2020-2022 ServiceNow Community MVP
2020-2022 ServiceNow Developer MVP

---

LinkedIn
Community article, blog, video list

 

Kind regards,

 

Mark Roethof

Independent ServiceNow Consultant

10x ServiceNow MVP

---

 

~444 Articles, Blogs, Videos, Podcasts, Share projects - Experiences from the field

LinkedIn

View solution in original post

Jatin Ponnaluri
ServiceNow Employee
ServiceNow Employee

Hi @Supriya Mane ,

 

  1. Row-level ACLs are combined with the logical OR
  2. Field-level ACLs are combined with the logical OR
  3. The results of 1 &2 will be combined with the logical AND

    You might require 2, or 3 ACLs in a few cases, 
    i.  A field level tablename.* write operation ACL with requires role "nobody".  Which means nobody can edit all the fields.
    ii. A field level table.yourField write operation ACL with require roles "agent", "admin".  Which means only the desired roles can edit the field mentioned. 

    Now opening any of the above created ACL,  click Show ACL Execution Plan and check if any pre-existing row level ACL is present which might disrupt our scenario, if yes, ( In my case I had one default ACL which required admin role to pass) .. then, you might need another ACL as mentioned below.
    iii. create a row level  write operation ACL with require roles "agent", "admin". Which means users with roles agent or admin can write. 

    It evaluates to iii && (i || ii).

    If it helps please click Accept as Solution/hit the Thumb Icon.
    Thanks,
    Jatin

View solution in original post

12 REPLIES 12

VS
Giga Guru

Hi,

I would suggest you write a table-level ACL to restrict and give field-level access to the users to who you want to show one or two fields.

Thanks

 

Supriya Mane
Tera Contributor

First I tried with write *ACL and giving the role same as I want and for alm_asset table Then after I create one filed level ACL for Restricting the particular field but still it is not working. Please suggest

Mark Roethof
Tera Patron
Tera Patron

Hi there,

Most ideal would be Access Control. Though this could mean modifying a lot of (out-of-the-box) Access Controls.

Data policy could work, though the maintainable part is really poor.

UI Policy (using script) or Client Script would work perfect for maintainable / upgradeable, though is less secure and will impact performance.

So what do you want to use?

If my answer helped you in any way, please then mark it as helpful.

Kind regards,
Mark
2020-2022 ServiceNow Community MVP
2020-2022 ServiceNow Developer MVP

---

LinkedIn
Community article, blog, video list

 

Kind regards,

 

Mark Roethof

Independent ServiceNow Consultant

10x ServiceNow MVP

---

 

~444 Articles, Blogs, Videos, Podcasts, Share projects - Experiences from the field

LinkedIn

Ankur Bawiskar
Tera Patron
Tera Patron

Hi,

Multiple ways to do this. You can decide which one to take based on your use-case and complexity

1) ACL - Recommended

a) you will require table.* WRITE ACL with advanced script

Admin overrides - uncheck

Script:

if(gs.hasRole('agent') || gs.hasRole('admin'))
	answer = false;
else
	answer = true;

b) You will require Table.YourField Write ACL to allow the edit for this field only

Admin overrides - uncheck

Script:

if(gs.hasRole('agent') || gs.hasRole('admin'))
	answer = true;
else
	answer = false;

2) onLoad client script

function onLoad(){

	if(g_user.hasRoleExactly('agent') || g_user.hasRoleExactly('admin')){
		
		// make all editable fields as readonly
		
		var fields = g_form.getEditableFields();
		for (var x = 0; x < fields.length; x++) {
			g_form.setReadOnly(fields[x], true);
		}

		// make that single field as editable
		g_form.setReadOnly('your_field', false);
	}

}

Regards
Ankur

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader