ACL is not working

harishdasari
Tera Guru

Hi,

I have created an ACL on the incident table with READ permissions for a particular group. But when I impersonate the particular user from that group, it is still allowing them to edit. I have created a group and assigned a role to it, and I have associated this role with the incident read ACL. But still it is not working. I have tried to debug the ACL, but no use. Can anyone help me with the process of creating an ACL and stopping particular group users from editing the incident form? Without using a script, can't I stop users from editing the form?

Thanks

1 ACCEPTED SOLUTION

xiaix
Tera Guru

So you need a certain group to NOT have write access to the Incident table?


If correct, then create a new role, ex: incident_no_write and assign the user/group that role.


Then, create an ACL similar to this:



7 REPLIES

bernyalvarado
Mega Sage

Hi Harish,



It sounds like you actually want to look into the WRITE ACLs. If you create a write ACL at the table level and assign a role to only those who should be able to edit it then you should be able to see that the user you're impersonating is no longer able to edit the fields for that table (form).



Thanks,


Berny


Another pointer, keep in mind how ACLs are evaluated since you could have various ACLs that may be granting write access to the table/field.  



http://wiki.servicenow.com/index.php?title=Using_Access_Control_Rules#Processing_Order_for_Record_AC...



I hope this helps



Thanks,


Berny


xiaix
Tera Guru

Actually, script should look like this:



// Deny write when the user holds the incident_no_write role; allow otherwise.
if (gs.hasRole('incident_no_write')) {
    answer = false;
} else {
    answer = true;
}