The CreatorCon Call for Content is officially open! Get started here.

ACL's & permissions

jasonbrough
Kilo Expert

‎08-19-2015 03:35 AM

Hi all,

being fairly new to ServiceNow (and being stuck on Dublin), I don't know whether this functionality already exists in Dublin or future versions, so I thought I would throw this question out to the community and see what the experts know.

I want a way to enter a users name and see what their account allows them access to. For example, I want to see which ACL's & permissions apply to them and therefore whether they have read / write / update / delete access to certain tables.

Does anyone know of any existing functionality that I can use or has anyone done anything similar in ServiceNow? I've considered writing a re-usable script but I'm not sure which is the best approach. Any help / advise appreciated,

cheers

Jason

0 Helpfuls
  • 1,792 Views
7 REPLIES 7

mechamberlain
Mega Expert
In response to The SN Nerd

‎05-05-2016 09:43 AM

Paul,



I'd be very interested to see this!   I am heading to K16 this month...are you planning to show it?



Thanks.


0 Helpfuls

The SN Nerd
Giga Sage
Giga Sage
In response to mechamberlain

‎05-05-2016 05:45 PM

I hope you're sticking around for CreatorCon!



Sign up below:


Automated Testing - Deploy Changes & Upgrade with Confidence



ServiceNow Nerd
ServiceNow Developer MVP 2020-2022
ServiceNow Community MVP 2019-2022
0 Helpfuls

The SN Nerd
Giga Sage
Giga Sage

‎09-17-2015 06:05 PM

I use the GlideSecurityManager to do my security checks as I have found that .canRead and canWrite methods on GlideElements do not always give expected results, as I don't think they are evaluated in the context of a particular record.


Code example can be seen below. You could use this to loop through each table and field and output the result.



function evalACL(user, record, operation, field) {



   var currentUser = gs.getUserID();



   gs.getSession().onlineImpersonate(user);



   var sm = GlideSecurityManager.get();



   var aclCheck = 'record/' + record.getTableName();



   if (!JSUtil.nil(field) ) {



   aclCheck = aclCheck + '.' + field;



   }



   aclCheck = aclCheck + '/' + operation;



   gs.print(aclCheck);



   var hasRights = sm.hasRightsTo(aclCheck, record);



   gs.getSession.onlineImpersonate(currentUser );



   return hasRights;



}


Example usage



var gr = new GlideRecord('incident');



gr.setLimit('1');



gr.query();



gr.next();



var output = evalACL( 



   '0a826bf03710200044e0bfc8bcbe5d7a',   



   gr,



   'write',



   'number'



 );

ServiceNow Nerd
ServiceNow Developer MVP 2020-2022
ServiceNow Community MVP 2019-2022
0 Helpfuls