ACL is not working on table level (Incident)

Akshay Jadhav1
Tera Contributor

 

Hello All,

I have a requirement where only users from a specific group should be able to view incidents. To achieve this, I created an ACL, as shown in the screenshot below.

Initially, I attempted to implement this using a script:

// ACL script: answer is true only for members of the group
if (gs.getUser().isMemberOf("RI - VTB Board")) {
    answer = true;
} else {
    answer = false;
}

However, this approach did not work. After researching on the community forums, I found suggestions to create a custom role instead. I tried that as well, but the ACL is still not working at the table level for the incident table.

Interestingly, when I applied ACLs at the field level, everything worked fine—whether using a script or a role.

However, when applying the ACL at the table level, it does not work.

Additionally, when I applied the ACL and selected "None" for the field, I encountered the following error in the logs:

"Invalid query detected, please check logs for details [Unknown field null in table incident]"

To troubleshoot, I changed the field to "* (all fields)," which removed the error, but the ACL still did not work as expected.

Note: I also tried deactivating all OOB ACLs, but the issue persists.

Has anyone faced a similar issue or have any suggestions on how to resolve this? Any guidance would be greatly appreciated.

Thanks,


@Ankur Bawiskar 
@Rick54 

1 ACCEPTED SOLUTION

AndersBGS
Tera Patron

Hi @Akshay Jadhav1 ,

 

Why not utilize a deny-unless ACL? That would make more sense according to your requirement.

 

If my answer has helped with your question, please mark my answer as the accepted solution and give a thumbs up.

Best regards
Anders

Rising star 2024
MVP 2025
linkedIn: https://www.linkedin.com/in/andersskovbjerg/

4 REPLIES

Ankur Bawiskar
Tera Patron

@Akshay Jadhav1 

Remember, you can create a new table.None READ ACL with your script.

But you will also have to take into account that there is an OOB query business rule on the incident table.

What about that?

If my response helped, please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader

@Akshay Jadhav1 

Thank you for marking my response as helpful.

As per the new community feature, you can mark multiple responses as correct.

If my response helped, please mark it correct as well so that it benefits future readers.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader

Valentin CLOUP
Tera Contributor

Allow-if ACLs work by giving access to records, not by limiting it. Think about a door secured by a lock. Your ACL is a key; having a key means you can open the door, but it does not mean that it's the only key to the door.

 

As suggested above, a deny-unless ACL would probably do the trick, as it is a different kind of restriction that explicitly denies access unless you match the ACL criteria.
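
An added example, not part of the thread and not ServiceNow's own code: a simplified JavaScript model of the key-and-door point above. It assumes that every active deny-unless ACL must pass and that at least one allow-if ACL must then pass; `other_role`, the sample users and the `canRead` helper are constructed for illustration.

```javascript
// Simplified model of read-ACL evaluation on one table (assumption, not the platform engine):
//   1. every active deny-unless ACL must pass, otherwise access is denied;
//   2. then at least one active allow-if ACL must pass.
const GROUP = "RI - VTB Board"; // group name taken from the question

const inGroup = (user, group) => user.groups.includes(group);

function canRead(user, acls) {
  const active = acls.filter((a) => a.active);
  const denyUnless = active.filter((a) => a.type === "deny-unless");
  const allowIf = active.filter((a) => a.type === "allow-if");
  // One failing deny-unless ACL blocks access, whatever the allow-if ACLs say.
  if (!denyUnless.every((a) => a.check(user))) return false;
  // Allow-if ACLs are alternative keys: any single match opens the door.
  return allowIf.some((a) => a.check(user));
}

// Constructed ACLs. "other_role" stands in for any other allow-if ACL on the table.
const otherAllow = { type: "allow-if", active: true,
  check: (u) => u.roles.includes("other_role") };
const groupAllow = { type: "allow-if", active: true,
  check: (u) => inGroup(u, GROUP) };
const groupDenyUnless = { type: "deny-unless", active: true,
  check: (u) => inGroup(u, GROUP) };

// Constructed users.
const member = { roles: ["other_role"], groups: [GROUP] };
const outsider = { roles: ["other_role"], groups: [] };

function demo() {
  return {
    // The group allow-if ACL adds a key; the outsider still gets in with the other key.
    outsiderWithAllowOnly: canRead(outsider, [otherAllow, groupAllow]),
    // The same group check as deny-unless blocks the outsider.
    outsiderWithDenyUnless: canRead(outsider, [otherAllow, groupDenyUnless]),
    // A group member passes the deny-unless ACL and then an allow-if ACL.
    memberWithDenyUnless: canRead(member, [otherAllow, groupDenyUnless]),
    // In this model a deny-unless ACL alone grants nothing.
    memberDenyUnlessOnly: canRead(member, [groupDenyUnless]),
  };
}

console.log(demo());
```
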