ACL not working properly

amaneet
Kilo Contributor

‎07-12-2017 09:17 AM

Hi Folks,

I have one custom table/application and have modified one ACL out of the ones which get generated automatically.

My intention is to limit the visibility of records to only those where there are assigned.

So i have modified the read ACL to include one more role(ITIL)

and wrote an advanced script

answer= current.assigned_to==gs.getuserid();

everything works fine except the ITIL users are not able to create new records. Only submit button appears on form (no fields)

If i remove the advanced script from read ACL, they are able to create.

Am i missing something, please guide?

0 Helpfuls
  • 4,888 Views
15 REPLIES 15

amaneet
Kilo Contributor
In response to abhishekdash

‎07-12-2017 10:19 AM

Can some one help me to understand the difference between table.none and table.*   (with example)


0 Helpfuls

abhishekdash
ServiceNow Employee
ServiceNow Employee
In response to amaneet

‎07-12-2017 10:26 AM

Sure Amanjeet,



Table.none is the access to the table.


Table.* is the access to all the fields inside the table. You can have table.fieldname to provide access to specific fields.



Below doc will help you understand the same.  



Access control rules



I would also suggest reading the process order for record acl rules:



Process order for record ACL rules



Record ACL rules are processed in the following order:


  • Match the object against field ACL rules.
  • Match the object against table ACL rules.


Hope this helps.



Thanks,


Abhishek



If this reply assisted you, please consider marking it Correct, Helpful, or Like it.


This helps other customers to learn from your thread.


0 Helpfuls

lSurya 24
Giga Guru
In response to amaneet

‎07-12-2017 10:27 AM

Hello,



Table.none gives access to only table whereas table.* gives access to all the fields on the table. simply table.none is a row level whereas table.* is a column level.
You will find so many links for example on wiki and community on this.



Hope it helps.


0 Helpfuls

Dave Smith1
ServiceNow Employee
ServiceNow Employee
In response to amaneet

‎07-12-2017 10:28 AM

Imagine a hotel. You walk into the reception, where there are doorways leading off to other places. Some a bar, a lounge, a study, the lifts.. others into private areas (staff quarters, cloakroom, etc):



  • table.bar is a rule that affects JUST that individual room - the bar.
  • table.lounge affects JUST the lounge
  • table.* is a default for all doors, overridden by more specific ones (see above)


So in this case, I would give a hotel guest table.* = entry but then have table.cloakroom = entry for hotel staff. This overrides the standard rule for hotel guests, permitting only specific roles (hotel staff) entry to the cloakroom.



Lastly, table.NONE is a rule that says whether or not you can enter the hotel. If guests don't have table.NONE = entry then any table.* or table.field rules for them are pointless because they never get to see them.



Hope that helps.


0 Helpfuls

abhishekdash
ServiceNow Employee
ServiceNow Employee
In response to Dave Smith1

‎07-12-2017 10:31 AM

Awesome way to explain!!


0 Helpfuls