Access control

Likith · ‎11-26-2023

Please explain this

Incident with None

Incident with *

Incident with Short Description

Maik Skoddow · ‎11-26-2023

there are tons of resources which explain the topic of ACLs and how they work. So please check them first and start learning. As a starting point you can use my page Access Control Lists (ACL)

Maik

View solution in original post

Danish Bhairag2 · ‎11-26-2023

Hi @Likith ,

Here's an explanation of each:

1. **Incident with None:**

- This likely refers to an ACL rule that restricts access to incidents entirely. Users with this ACL may not have any access to records in the Incident table.

Example:

// Condition for "Incident with None" ACL

current.setAbortAction(true); // This prevents any action on the record

2. **Incident with * (Asterisk):**

- This ACL could mean unrestricted access to all incidents. Users with this ACL might have full access to view, create, update, and delete incident records.

Example:

// Condition for "Incident with *" ACL

// No specific conditions, allowing all operations on the record

3. **Incident with Short Description:**

- This ACL might be more specific, restricting access based on the content of the "Short Description" field. Users with this ACL might have access to incidents only if the short description meets certain criteria.

Example:

// Condition for "Incident with Short Description" ACL

current.short_description == 'Specific Criteria' // Access is granted only if the short description meets specific criteria

These are hypothetical examples, and actual ACL conditions can vary based on your organization's requirements and ServiceNow instance configuration. ACLs are crucial for ensuring data security and controlling user access to records. Always test ACLs in a non-production environment before applying them to production data to avoid unintended consequences.

Thanks,

Danish

View solution in original post

Maik Skoddow · ‎11-26-2023

Hi @Likith

there are tons of resources which explain the topic of ACLs and how they work. So please check them first and start learning. As a starting point you can use my page Access Control Lists (ACL)

Maik

Sonam_Tiwari · ‎11-26-2023

Hi @Likith ,

When you say incident with none or otherwise called as table.none ACL, it means that the ACL is being applied on the whole incident table whereas incident.* , also referred as table.* or widcard ACL is when you are applying access restriction to all the fields of that table. In this case, to all the fields of the incident table.
Next, the incident.short_description is your field level and field specidfic ACL

Also, refer this for ACL matching. This one always helps in need.

https://docs.servicenow.com/bundle/vancouver-platform-security/page/administer/contextual-security/c...

Consider indicating the response as helpful and marking it as correct if it meets your needs.

Maik Skoddow · ‎11-26-2023

This picture is pretty much the worst representation I've ever seen in my life. I always get a headache when I try to understand it.

Danish Bhairag2 · ‎11-26-2023

Hi @Likith ,

Here's an explanation of each:

1. **Incident with None:**

- This likely refers to an ACL rule that restricts access to incidents entirely. Users with this ACL may not have any access to records in the Incident table.

Example:

// Condition for "Incident with None" ACL

current.setAbortAction(true); // This prevents any action on the record

2. **Incident with * (Asterisk):**

- This ACL could mean unrestricted access to all incidents. Users with this ACL might have full access to view, create, update, and delete incident records.

Example:

// Condition for "Incident with *" ACL

// No specific conditions, allowing all operations on the record

3. **Incident with Short Description:**

- This ACL might be more specific, restricting access based on the content of the "Short Description" field. Users with this ACL might have access to incidents only if the short description meets certain criteria.

Example:

// Condition for "Incident with Short Description" ACL

current.short_description == 'Specific Criteria' // Access is granted only if the short description meets specific criteria

These are hypothetical examples, and actual ACL conditions can vary based on your organization's requirements and ServiceNow instance configuration. ACLs are crucial for ensuring data security and controlling user access to records. Always test ACLs in a non-production environment before applying them to production data to avoid unintended consequences.

Thanks,

Danish