ACL does not work
06-11-2023 04:51 PM - edited 06-11-2023 04:53 PM
I need to work with an ACL in order to fulfill the following requirements:
- Demand Managers and Demand Users shouldn't be able to edit demands and their artifacts when a demand is in completed or rejected state
- Admin and PPS admin can do it.
I'm trying to configure a new ACL
Anyway, it doesn't work. I impersonated a Demand Manager user and I can edit demands in completed state...
My questions:
Is this ACL properly configured?
Can other ACLs override this one? In this case, is it better to edit existing ACLs or definitely make a new one?
06-11-2023 09:30 PM
There would be some other ACLs which are providing access to demand managers and users. Please check the other write ACLs on the demand table.
06-12-2023 12:20 AM
Hi @Leonel Sandroni ,
Your ACL allows admin, pps_admin and it_pps_admin to write the dmn_demand record in the selected states.
To see which ACL provides access to dmn_demand for the demand manager, you can debug the ACLs. Just enable debugging, impersonate, open the screen, and you will see in the list below your form something like record/dmn_demand/write. The flag shows you which ACL gave access.
More info : https://docs.servicenow.com/bundle/utah-platform-security/page/administer/contextual-security/concep...
06-12-2023 12:39 AM
The ACL which you have configured is fine and has no issues with it. There is already an ACL which is providing access, and that must be the reason you see your ACL not working. You can open the existing write ACL and reconfigure it as needed. That must help.
06-12-2023 06:56 AM
Ok, I got it, but... there are many ACLs that provide permissions for any demand field, so it's so difficult to edit ACL by ACL. Do you know about another solution? For example, make my ACL the first one to be executed.
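
Added example, not part of the thread and not ServiceNow code: a simplified JavaScript model of the behaviour the replies describe, where any one passing write ACL on dmn_demand grants access, so an extra ACL cannot take access away and list order does not matter. The ACL ids, the `demand_manager` role name and the sample records are constructed for illustration; the model assumes a user needs to pass only one matching ACL.

```javascript
// Simplified model, an assumption of this example (not ServiceNow code):
// among ACLs matching the same table and operation, a user needs to pass
// only ONE of them, so there is no evaluation order for a new ACL to win.

const CLOSED = ['completed', 'rejected'];

// Constructed sample ACLs. 'demand_manager' is a hypothetical role name.
const acls = [
  { id: 'new-acl', table: 'dmn_demand', operation: 'write',
    roles: ['admin', 'pps_admin', 'it_pps_admin'],
    condition: (rec) => CLOSED.includes(rec.state) },
  { id: 'existing-acl', table: 'dmn_demand', operation: 'write',
    roles: ['demand_manager'],
    condition: () => true },          // no state restriction
];

// An ACL passes when the user holds one of its roles AND its condition is true.
function passes(acl, user, rec) {
  const roleOk = acl.roles.length === 0 ||
    acl.roles.some((r) => user.roles.includes(r));
  return roleOk && acl.condition(rec);
}

// Returns the decision plus the ids of every ACL that granted access.
function evaluate(aclList, table, operation, user, rec) {
  const grantedBy = aclList
    .filter((a) => a.table === table && a.operation === operation)
    .filter((a) => passes(a, user, rec))
    .map((a) => a.id);
  return { allowed: grantedBy.length > 0, grantedBy };
}

// Returns a copy of the list with an extra condition ANDed onto one ACL.
function tighten(aclList, id, extra) {
  return aclList.map((a) => (a.id !== id ? a
    : { ...a, condition: (rec) => a.condition(rec) && extra(rec) }));
}

const manager = { roles: ['demand_manager'] };
const done = { state: 'completed' };
console.log(evaluate(acls, 'dmn_demand', 'write', manager, done));
const fixed = tighten(acls, 'existing-acl', (rec) => !CLOSED.includes(rec.state));
console.log(evaluate(fixed, 'dmn_demand', 'write', manager, done));
```

In this model the `grantedBy` list plays the role of the ACL debug output mentioned in the replies: it names the rule that has to be tightened.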