The CreatorCon Call for Content is officially open! Get started here.

ACL Field Level Access execution.

Ankit Kumar6
Tera Contributor

‎09-28-2023 09:02 AM - edited ‎09-28-2023 09:02 AM

Hi Team,

 

If we write 2 ACLs on a single field one is to provide access and the other is to restrict access, The user will have access to the field.

Can anyone please let me know the logic behind this?

 

Thanks&Regards,

Ankit

0 Helpfuls
  • 333 Views
2 REPLIES 2

Sandeep Rajput
Tera Patron
Tera Patron

‎09-28-2023 09:15 AM

@Ankit Kumar6 If multiple ACLs are defined on the same object (Table/Field) only one of them needs to evaluate to true to grant access to that object.

 

Equate this to an OR operation where the condition becomes true if one of the operands evaluates to true. This behaviour is by design and allows greater flexibility.

 

Consider an example of a field level ACL for phone number field on sys_user table, there are two ACLs defined one checks the role and the other one checks role + script. Instance will evaluate these ACLs and only evaluate upto a point till one of them evaluates to true and grant access. Had ServiceNow made it compulsory to evaluate both ACLs to true to grant access only a handful of users with superior access would have gotten access rest would have failed to gain access as not all ACLs evaluated true for them.

 

0 Helpfuls

Manoj89
Giga Sage

‎09-28-2023 09:20 AM

Hi Ankit,

 

ACLs work that way if one ACL returns true the field becomes accessible.

0 Helpfuls