ACL isMemberOf not working in scoped app

leahdany · ‎03-09-2021

I'm in the Security Incident Response scoped app trying to make a read ACL for members of a certain group. I read that isMemberOf does not work in scoped apps, but it's listed on the developer site in the scoped app APIs and is also used on other scoped app ACLs.

On "sn_si_task" I only want members of a certain group to be able to read these tasks if the conditions are true. It's not working with the simple below script, but it also doesn't work if I do a glide record to the sys_user_grmember table either.

Here's the ACL

Here's the execution plan

It's not working. As an admin, I am not a member of that group but I can still read the records. These are the only read ACLs for this table and mine should evaluate first and not allow me to read these records.

Ankur Bawiskar · ‎03-09-2021

Hi,

I have used isMemberOf() in scoped application and it works well.

Please check any other table level READ ACL is allowing the access

Debug the security rules and check once

Regards
Ankur

Regards,
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader

View solution in original post

Ankur Bawiskar · ‎03-09-2021

Hi,

I have used isMemberOf() in scoped application and it works well.

Please check any other table level READ ACL is allowing the access

Debug the security rules and check once

Regards
Ankur

Regards,
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader

leahdany · ‎03-10-2021

Thanks. I had to go to the other read ACL that was executing after mine and add the opposite of my conditions to it. Now it's working fine.

Ankur Bawiskar · ‎03-10-2021

@leahdany

That's what I mentioned whether any other READ Acl is allowing the access.

Glad to help.

Regards
Ankur

Regards,
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader