ACL not working as expected

Go to solution
ChrisWing
Mega Guru

‎11-13-2024 03:29 PM

I have a requirement for a specific catalog item to restrict the ability to update Assignment Group.  I have built a ACL to this effect that unless it is a ServiceNow Admin the field will be read only. In the conditions it says it will affect the appropriate number of records, however in practice it is affecting other catalog items as well.  What did I do wrong?

 

ChrisWing_0-1731540548874.png

By saying the ServiceNow Admins have write access that implies the rest of the people do not, and the data condition should restrict it to the one catalog item correct?

0 Helpfuls
  • 1,752 Views
1 ACCEPTED SOLUTION

Go to solution
ChrisWing
Mega Guru

‎11-15-2024 10:27 AM

So turns out I was being too restrictive and working in the wrong direction.  Adjusted my ACL to say for anything other then the one situation you have the write permission. Shown below for others in the same boat.  Now working as I expected.

ChrisWing_0-1731695215261.png

 

View solution in original post

0 Helpfuls
6 REPLIES 6

Go to solution
Dhruv Chandan
Giga Guru

‎11-13-2024 03:48 PM

Hi Chris,

 

Was a script initially created within the ACL and subsequently removed by deselecting the "Advanced" option? This has previously led to some confusion for me as well.

 

If yes, please remove that script completely and then uncheck the advance option.

 

Hope this helps.

 

Thanks,

Dhruv

0 Helpfuls

Go to solution
ChrisWing
Mega Guru

‎11-14-2024 06:34 AM

Inside the screenshot the Advanced button isn't checked, so I flipped it on and the script is still empty, turned it back off.  That isn't the culprit here.

 

0 Helpfuls

Go to solution
Brad Bowman
Kilo Patron
Kilo Patron

‎11-14-2024 10:01 AM

Can you confirm that when this ACL is deactivated, non-admins can update the Assignment group field on Catalog Task records related to this Catalog Item and others?  Then once you activate the ACL, are you seeing that no users can update the Assignment group field on any Catalog Task?  Try adding admin to the Requires Role and removing the Security Attribute Condition.  Also check to see if you have other write ACLs on this field.

0 Helpfuls

Go to solution
ChrisWing
Mega Guru

‎11-15-2024 10:11 AM

So interestingly if I remove the ACL it is still restricted.

 

I went into production and checked and the field is not Read Only, I can not see any other recently ACLs that would be applied to that field but looking in the Access Control list isn't easy.  Is there a different way to see all the ACLs applied to a particular field coming from the form? 

0 Helpfuls