ACL isMemberOf not working in scoped app

leahdany
Giga Guru

I'm in the Security Incident Response scoped app trying to make a read ACL for members of a certain group. I read that isMemberOf does not work in scoped apps, but it's listed on the developer site in the scoped app APIs and is also used on other scoped app ACLs.

On "sn_si_task" I only want members of a certain group to be able to read these tasks if the conditions are true. It's not working with the simple below script, but it also doesn't work if I do a glide record to the sys_user_grmember table either.

Here's the ACL

find_real_file.png

find_real_file.png

 

Here's the execution plan

find_real_file.png

It's not working. As an admin, I am not a member of that group but I can still read the records. These are the only read ACLs for this table and mine should evaluate first and not allow me to read these records.

1 ACCEPTED SOLUTION

Ankur Bawiskar
Tera Patron
Tera Patron

Hi,

I have used isMemberOf() in scoped application and it works well.

Please check any other table level READ ACL is allowing the access

Debug the security rules and check once

Regards
Ankur

Regards,
Ankur
✨ Certified Technical Architect  ||  ✨ 9x ServiceNow MVP  ||  ✨ ServiceNow Community Leader

View solution in original post

3 REPLIES 3

Ankur Bawiskar
Tera Patron
Tera Patron

Hi,

I have used isMemberOf() in scoped application and it works well.

Please check any other table level READ ACL is allowing the access

Debug the security rules and check once

Regards
Ankur

Regards,
Ankur
✨ Certified Technical Architect  ||  ✨ 9x ServiceNow MVP  ||  ✨ ServiceNow Community Leader

Thanks. I had to go to the other read ACL that was executing after mine and add the opposite of my conditions to it. Now it's working fine.

@leahdany 

That's what I mentioned whether any other READ Acl is allowing the access.

Glad to help.

Regards
Ankur

Regards,
Ankur
✨ Certified Technical Architect  ||  ✨ 9x ServiceNow MVP  ||  ✨ ServiceNow Community Leader