Access Controls

Rooma1
Tera Contributor

Hi All,

I was asked a question related to ACLs in an interview, and it left me confused about whether the answer I gave was correct or not.

Suppose there is an ACL on the table, incident.None, to which a custom role is added, and a second ACL, incident.*, to which the itil role is added. Will a user having the ITIL role be able to access the incident table?

Thanks,

Rooma

4 REPLIES

Sarika S Nair1
Kilo Sage

No, the itil role user cannot access the table, since the table-level access was given to the custom role.

Dr Atul G- LNG
Tera Patron

Hi @Rooma1

ACL on:

First ACL: table incident.None, and a custom role is added.

Second ACL: incident.*, and the itil role is added.

Will the user having the ITIL role be able to access the incident table?

Atul: No, the ITIL user will not.

If my response proves useful, please indicate its helpfulness by selecting "Accept as Solution" and "Helpful." This action benefits both the community and me.

Regards
Dr. Atul G. - Learn N Grow Together
ServiceNow Techno - Functional Trainer
LinkedIn: https://www.linkedin.com/in/dratulgrover
YouTube: https://www.youtube.com/@LearnNGrowTogetherwithAtulG
Topmate: https://topmate.io/atul_grover_lng [ Connect for 1-1 Session]


Anand Kumar P
Giga Patron

Hi @Rooma1 ,

The custom role or the ITIL role should be added to both the table-level ACL and the star-level ACL; only then are they first granted access at the table level and then access to all fields.
For more info: https://docs.servicenow.com/bundle/washingtondc-platform-security/page/administer/contextual-securit...

Mark it as helpful and solution proposed if it serves your purpose.
Thanks,
Anand

Sanjeeva Reddy1
Giga Guru

Hi Rooma,

I have explained it with an example below, and it might be clear to you.

‘*’ applies to field-level access, while ‘None’ applies to whole-table access. ‘*’ will override ‘None’.

Table.* is a field-level ACL that gives access to all fields on that table.

Table.None is a row-level ACL which allows you to access records.

Example:

1). If you define a read ACL with:

     Table.None for admin & itil

     Result: Both 'admin' and 'itil' will be able to view all records because they have read access to all records with no field restrictions.

2). If you define a read ACL with:

     Table.None for admin & itil & Table.* for admin

     Result: Only the 'admin' will have read access because Table.* is an explicit rule at the field level that grants only admin read access to all fields.

3). If you define a read ACL with:

     Table.None for admin & Table.* for itil

     Result: 'itil' will not be able to view any records because they only have read access at the field level and not at the record/row level.

If the answer has helped you, please mark the answer as correct/helpful.

Regards,

Sanjeeva.Y.Reddy.
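
The rule the replies describe (a role must pass the table-level ACL and then the field-level ACL) can be checked with a small model. This is an added example, not code from the thread or from ServiceNow; it assumes role-only read rules with no conditions, scripts, admin override, or inherited and global rules, and `x_custom_role`, `short_description` and the function names are made up for illustration.

```javascript
// Added illustration: simplified model of ServiceNow read-ACL matching.
// Assumptions: rules carry roles only (no conditions/scripts), no admin
// override, no parent-table or *.* rules; all names here are hypothetical.
const passesAny = (acls, name, userRoles) =>
  acls.filter((a) => a.name === name)
      .some((a) => a.roles.some((r) => userRoles.includes(r)));

// Table-level (table.None) check: gate to the records themselves.
// Assumption: with no matching table-level rule, access is denied.
function canReadRecord(acls, table, userRoles) {
  return passesAny(acls, table, userRoles);
}

// Field-level check, only reached after the table-level check passes.
// The most specific rule that exists decides: table.field, then table.*.
function canReadField(acls, table, field, userRoles) {
  if (!canReadRecord(acls, table, userRoles)) return false;
  for (const name of [`${table}.${field}`, `${table}.*`]) {
    if (acls.some((a) => a.name === name)) return passesAny(acls, name, userRoles);
  }
  return true; // assumption: no field-level rule means no field restriction
}

// Constructed rule sets: the question, then examples 1-3 from the last reply.
const scenarios = {
  question: [{ name: "incident", roles: ["x_custom_role"] },
             { name: "incident.*", roles: ["itil"] }],
  example1: [{ name: "incident", roles: ["admin", "itil"] }],
  example2: [{ name: "incident", roles: ["admin", "itil"] },
             { name: "incident.*", roles: ["admin"] }],
  example3: [{ name: "incident", roles: ["admin"] },
             { name: "incident.*", roles: ["itil"] }],
};

// Report record and field access for one role in every scenario.
function report(role) {
  const out = {};
  for (const [label, acls] of Object.entries(scenarios)) {
    out[label] = {
      record: canReadRecord(acls, "incident", [role]),
      field: canReadField(acls, "incident", "short_description", [role]),
    };
  }
  return out;
}

console.log("itil", report("itil"));
console.log("admin", report("admin"));
console.log("x_custom_role", report("x_custom_role"));
```

In this model the question's custom role passes the table-level rule but is stopped by incident.*, while itil never gets past the table-level rule, so neither role reads a field until it is on both rules.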