ACL Scenario Help !!

sanyalshubh
Tera Contributor

Users with Role A should have write access to all fields except Configuration Item on the incident table and Role B should have write access to the Configuration Item field and all other fields should be read only?

3 ACCEPTED SOLUTIONS

Ankur Bawiskar
Tera Patron

@sanyalshubh 

so what did you start with?

It's an easy requirement

1) field level WRITE on Configuration Item field -> Advanced script check logged in user

gs.getUserID() == 'user B sysId'

2) Table.* WRITE ACL and advanced script

gs.getUserID() == 'user A sysId'

OR

You can use onLoad client script if you don't want to mess with ACLs

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader


Ravi Gaurav
Giga Sage

Hi @sanyalshubh 
you can perform the below way :-

Reference :-

1. Create new Table.None Read ACL and add both Role A and Role B which will allow both users to get row level read access.
2. Create new Table.None Write ACL and add both Role A and Role B which will allow them to get row level write access.
3. Create new Table.* Write ACL and add Role A only which will allow Role A users to edit all fields on incident table.
4. Create new Table.configuration_item Write ACL and add Role B which will allow only Role B to edit configuration item and it will not provide editable access to Role A users.

--------------------------------------------------------------------------------------------------------------------------


If you found my response helpful, I would greatly appreciate it if you could mark it as "Accepted Solution" and "Helpful."
Your support not only benefits the community but also encourages me to continue assisting. Thank you so much!

Thanks and Regards
Ravi Gaurav | ServiceNow MVP 2025,2024 | ServiceNow Practice Lead | Solution Architect
CGI
M.Tech in Data Science & AI

 YouTube: https://www.youtube.com/@learnservicenowwithravi
 LinkedIn: https://www.linkedin.com/in/ravi-gaurav-a67542aa/


Sandeep Rajput
Tera Patron

@sanyalshubh You need to create two write ACLs on the incident table.

 

1. incident.* In this ACL add the Role A in the role list

2. incident.configuration_item, Add Role B in the role list


6 REPLIES 6

Dr Atul G- LNG
Tera Patron

Hi @sanyalshubh 

 

You need to create 2 different ACLs with 2 different operations and add the role.

*************************************************************************************************************
If my response proves useful, please indicate its helpfulness by selecting " Accept as Solution" and " Helpful." This action benefits both the community and me.

Regards
Dr. Atul G. - Learn N Grow Together
ServiceNow Techno - Functional Trainer
LinkedIn: https://www.linkedin.com/in/dratulgrover
YouTube: https://www.youtube.com/@LearnNGrowTogetherwithAtulG
Topmate: https://topmate.io/atul_grover_lng [ Connect for 1-1 Session]

****************************************************************************************************************

Ankur Bawiskar
Tera Patron

@sanyalshubh 

onload client script like this

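function onLoad() {
    // sys_id of the logged-in user
    var userId = g_user.userID;
    // names of the fields that are currently editable on the form
    var fields = g_form.getEditableFields();
    var x;
    if (userId == 'user B sysId') {
        // user B: make every field read-only, then re-open Configuration Item
        for (x = 0; x < fields.length; x++) {
            g_form.setReadOnly(fields[x], true);
        }
        g_form.setReadOnly('cmdb_ci', false);
    } else if (userId == 'user A sysId') {
        // user A: keep every field editable, then lock Configuration Item
        for (x = 0; x < fields.length; x++) {
            g_form.setReadOnly(fields[x], false);
        }
        g_form.setReadOnly('cmdb_ci', true);
    }
}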

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader
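
The role-based layout from the accepted solutions (row-level incident ACLs for both roles, incident.* write for Role A, a field-level write ACL on Configuration Item for Role B), modelled as an added example that is not part of any post in this thread and is not ServiceNow platform code. The role names role_a and role_b, the use of the column name cmdb_ci from the client script above, and the default-deny result when no rule matches are assumptions of the model.

```javascript
// Simplified model of write-ACL evaluation; not ServiceNow platform code.
// Role names and the ACL list are constructed for this illustration.
const ACLS = [
  { name: 'incident',         op: 'read',  roles: ['role_a', 'role_b'] }, // row-level read
  { name: 'incident',         op: 'write', roles: ['role_a', 'role_b'] }, // row-level write
  { name: 'incident.*',       op: 'write', roles: ['role_a'] },           // all fields...
  { name: 'incident.cmdb_ci', op: 'write', roles: ['role_b'] },           // ...except this one
];

// A rule passes when the user holds at least one of its roles.
function passes(acl, userRoles) {
  return acl.roles.some((r) => userRoles.includes(r));
}

// Any passing rule with the given name is enough for that level.
// No rule with that name at all is treated as deny (assumption).
function levelAllows(name, op, userRoles) {
  const matches = ACLS.filter((a) => a.name === name && a.op === op);
  return matches.length > 0 && matches.some((a) => passes(a, userRoles));
}

// Field access needs the table-level rule AND the field-level rule.
// The field's own rule (table.field) is used when one exists; the
// table.* wildcard covers only fields that have no rule of their own.
function canWriteField(table, field, userRoles) {
  if (!levelAllows(table, 'write', userRoles)) return false;
  const specific = `${table}.${field}`;
  const hasSpecific = ACLS.some((a) => a.name === specific && a.op === 'write');
  return levelAllows(hasSpecific ? specific : `${table}.*`, 'write', userRoles);
}

// Write-access matrix for a few incident columns.
function writeMatrix(userRoles, fields = ['short_description', 'state', 'cmdb_ci']) {
  return Object.fromEntries(fields.map((f) => [f, canWriteField('incident', f, userRoles)]));
}

console.log('Role A :', writeMatrix(['role_a']));
console.log('Role B :', writeMatrix(['role_b']));
console.log('Both   :', writeMatrix(['role_a', 'role_b']));
console.log('Neither:', writeMatrix(['some_other_role']));
```

On a real instance, ACLs already defined on incident or inherited from task are evaluated as well, so review them alongside the new rules. ACLs are enforced on the server for forms, list edits and API writes, whereas g_form.setReadOnly in a client script only changes the form.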