ACL Hierarchy

Go to solution
kailashthiyagar
Kilo Guru

‎09-13-2017 11:05 AM

sanjivmeher

Hi Sanjiv,

This is the continuation of our discussion "ACL for Extended table".   Right now, in my personal instance, i created a table "EUTS Demand" in my custom scope. I created ACL with the role as "EUTS Admin". Added "Abel Tuter" to the role as well

The initial ACL which got created by default has the name as "Table". "None". When i impersonated as "Abel", all the fields are coming as "Read only" when i try to create a new record in "EUTS Demand".

I created another Write ACL with the name as "Table"."*", and "Create" ACL with the name as "Table"."*" then when i impersonated as "Abel", i m able to see all the records coming as editable.

Q:In normal table creation(not the extended ones), an ACL with name "Table"."None" would work when we add the user but its not working here..

Still there are some fields which are referenced to other tables are not even appearing on the form, "Goal", "Program", "Work Notes",   "Watch List". why???

This is my personal instance, i guess you can request admin password. If not let me know.

ServiceNow

0 Helpfuls
  • 3,499 Views
1 ACCEPTED SOLUTION

Go to solution
SanjivMeher
Mega Patron
In response to kailashthiyagar

‎09-13-2017 03:01 PM

Yes. You need to have the parent table role in child as well.


For example incident, if you extend incident for scoped app, the new role should have itil. One of the reasons is ServiceNow wont be ableto count how many itil licenses you are consuming.



Also for the edit/delete worknotes, you need to create your own script and either disable or add condition on the Global script to not run when sys_class_name is your new table.



Please mark this response as correct or helpful if it assisted you with your question.

View solution in original post

0 Helpfuls
15 REPLIES 15

Go to solution
SanjivMeher
Mega Patron

‎09-13-2017 01:38 PM

Can you provide me the credentials?



Please mark this response as correct or helpful if it assisted you with your question.
0 Helpfuls

Go to solution
kailashthiyagar
Kilo Guru
In response to SanjivMeher

‎09-13-2017 01:51 PM

sanjivmeher



admin


Sumathi#11


0 Helpfuls

Go to solution
SanjivMeher
Mega Patron
In response to kailashthiyagar

‎09-13-2017 02:09 PM

Can you check now? You did not add the it_demand_manager role to the AUT Admin role.


You need to provide it_demand_manager role since thats your parent tables role



Please mark this response as correct or helpful if it assisted you with your question.

Go to solution
kailashthiyagar
Kilo Guru
In response to SanjivMeher

‎09-13-2017 02:51 PM

sanjivmeher



Thanks , its working.. But want to know the reasoning. Is it mandatory condition to have the extended table role contains the parent table role?



Also, i want to edit/delete the work notes, by going to history--> List and then editing/deleting the lines...



Here are the conditions



For Delete history line:


  1. gs.hasRole('admin') && (current.field == 'work_notes' || current.field == 'comments')


and for Update history line:


(gs.hasRole('admin') || gs.hasRole('itil_admin')) && (current["new"].canWrite() || current["old"].canWrite()) && (current.field == 'work_notes' || current.field == 'comments' || current.field == 'short_description' || current.field == 'description')




They are in Global scope, if i have to include my condition, do i have any option to do it in custom scope other than doing it in Global?


0 Helpfuls