Join the #BuildWithBuildAgent Challenge! Get recognized, earn exclusive swag, and inspire the ServiceNow Community with what you can build using Build Agent.  Join the Challenge.

ACL to prevent Updated and Updated by fields from being edited in list view

Go to solution
clyon
Tera Guru

‎07-11-2017 07:09 AM

I created a new table and have the permission working as I need them with the exception of the ability of the user to be able to update the Updated and Updated by fields on the list view.

I have the following ACL's for this requirement

1. write - table - None

     User role

2. list_edit - table - Updated

     no role specified

 

I know the first ACl i have give the write ability to the user role for all. I would have assumed that by adding the 2nd Acl that that would have locked it down.

I also have tried the following ACL's

1. write - table -  Sensitive Data

     User role

2. write - table -  Protection Method Code

     User role

3. write - table - Comments

     User role

I thought this would have given write abiility to these 3 fields for the user, and not for the other fields not specified.

What am I missing?

Labels:
0 Helpfuls
  • 3,876 Views
1 ACCEPTED SOLUTION

Go to solution
Chuck Tomasi
Tera Patron

‎07-11-2017 07:16 AM

Hi Christina,



Use the list_edit operation and give it the role 'nobody'. Alternatively, you can use a condition that is never going to be satisfied like "updated | is empty" or check Advanced and put in the script field



answer=false;



You only need one to be true. Any of those will defeat list editing for that field.



Docs: Access control rules


Docs: Contextual security  


Security Best Practices - ServiceNow Wiki


View solution in original post

3 REPLIES 3

Go to solution
Chuck Tomasi
Tera Patron

‎07-11-2017 07:16 AM

Hi Christina,



Use the list_edit operation and give it the role 'nobody'. Alternatively, you can use a condition that is never going to be satisfied like "updated | is empty" or check Advanced and put in the script field



answer=false;



You only need one to be true. Any of those will defeat list editing for that field.



Docs: Access control rules


Docs: Contextual security  


Security Best Practices - ServiceNow Wiki


Go to solution
rob_pastore
ServiceNow Employee
ServiceNow Employee
In response to Chuck Tomasi

‎07-11-2017 07:18 AM

Agree with Chuck.



Also worth noting that these fields should be read only OOB - make sure you are not testing as an admin.   I would think they would be the only ones who could update these fields anyway.


Go to solution
clyon
Tera Guru

‎07-11-2017 07:28 AM

I used the answer=false; in the script field and that did the trick.   Thanks!!!


0 Helpfuls