ACL not restricting data

Anubhav24
Mega Sage

Hi All,

I have a custom table which has table.none and table.* ACLs with custom roles to restrict access.

Now I want to show only those records to the logged-in user if the user is part of the Assignment group on the record.

I created an ACL as table.*, mentioned in the conditions "Assignment group is (dynamic) One of My Groups", and added the role which is needed to give read/view access on the table.

Result: The records are not restricted, and the user is able to see records of other assignment groups of which the user is not a part.

I tried debugging it; all ACLs are being passed by the user. Should I write the condition in the script tab? Going to try this next.


@Anubhav24 

Are you sure this ACL is allowing the data?

Are there records in that table where group is one of the logged in user's group?

Did you debug ACLs?

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader

Yes Ankur, this table.none ACL which I created is not restricting data and is showing all records with the intended profile. However, when I deactivated this ACL, modified the existing "table.none" ACL and added the condition "Assignment group is one of my groups", it started working fine.

So my question here is: if there is an existing read record "Table.None" ACL on a table, and it has 4 roles to be validated as well, and we now have a requirement that the system should show only those records for which the logged-in user is part of the assignment group, should we create a new read record "table.none" ACL or should we modify the existing read record "table.none" ACL?

What is the best approach here?

Yes, I tried debugging as well. I did not go through the complete details, but no ACL was failing.

@Anubhav24 

On a table there should be only 1 table-level READ ACL if that's your requirement.

If there are multiple table-level READ ACLs, then if any 1 of them is passed it will show the information and won't restrict as per your table-level READ.

So you can do this:

1) Update the OOB table-level READ ACL with that condition

OR

2) Deactivate the OOB one and create your own Table.None READ ACL

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader
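The evaluation rule described in the reply above, as an added example that is not part of the original thread and is not ServiceNow platform code: a simplified plain-JavaScript model in which one ACL requires its role and its condition to pass, while several read ACLs on the same table are OR-ed. Role names, group names and records are constructed for illustration.

```javascript
// Simplified model of table-level read ACL evaluation (not ServiceNow platform code).
// Inside one ACL the role check AND the condition must both pass;
// across ACLs for the same table and operation, ANY passing ACL grants access.

// Constructed sample data: role, group and record names are hypothetical.
const user = { roles: ['x_reader_a'], groups: ['Network'] };
const records = [
  { number: 'REC001', assignment_group: 'Network' },
  { number: 'REC002', assignment_group: 'Database' },
];
const fourRoles = ['x_reader_a', 'x_reader_b', 'x_reader_c', 'x_reader_d'];

// Stand-in for the "Assignment group is (dynamic) One of My Groups" condition.
const inMyGroups = (u, rec) => u.groups.includes(rec.assignment_group);

// A user satisfies an ACL's role list by holding any one of the listed roles.
const hasRole = (u, acl) => acl.roles.length === 0 || acl.roles.some(r => u.roles.includes(r));

function aclPasses(acl, u, rec) {
  const conditionOk = acl.condition ? acl.condition(u, rec) : true;
  return hasRole(u, acl) && conditionOk;
}

// Returns the record numbers the user can read under the given active ACLs.
function visibleRecords(activeAcls, u, recs) {
  return recs
    .filter(rec => activeAcls.some(acl => aclPasses(acl, u, rec)))
    .map(rec => rec.number);
}

const existingAcl = { name: 'existing read ACL', roles: fourRoles, condition: null };
const newGroupAcl = { name: 'new read ACL', roles: ['x_reader_a'], condition: inMyGroups };
const mergedAcl = { ...existingAcl, condition: inMyGroups };

// Scenario from the thread: both ACLs active, so the unconditioned one lets everything through.
const bothActive = visibleRecords([existingAcl, newGroupAcl], user, records);
// Option 1 in the reply: put the condition on the existing ACL.
const option1 = visibleRecords([mergedAcl], user, records);
// Option 2 in the reply: deactivate the existing ACL and keep only the new one.
const option2 = visibleRecords([newGroupAcl], user, records);

console.log({ bothActive, option1, option2 });
```

In this model the user passes every ACL that is evaluated in the first scenario, which matches a debug session where no ACL fails yet nothing is restricted.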

I think there is already a read ACL as table.None with 4 roles specified; that is the reason it is not restricting data. Should I place the assignment group condition on the existing ACL?